Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: test

Scan Information

Summary

Summary of Vulnerable Dependencies

Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count
albums.js 00
app.js 00
errors.js 00
gradle-wrapper.jarcpe:2.3:a:gradle:gradle:4.4:*:*:*:*:*:*:*CRITICAL11High8
info.js 00
jacocoagent.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.9)pkg:maven/org.jacoco/org.jacoco.agent.rt@0.8.9 09
jacocoagent.jar (shaded: org.jacoco:org.jacoco.core:0.8.9)pkg:maven/org.jacoco/org.jacoco.core@0.8.9 09
jacocoagent.jarpkg:maven/org.jacoco/org.jacoco.agent@0.8.9 032
prettify.js 00
report.js 00
sort.js 00
spring-music-sqldb-1.0.jar 09
spring-music-sqldb-1.0.jar: HdrHistogram-2.1.10.jarpkg:maven/org.hdrhistogram/HdrHistogram@2.1.10 026
spring-music-sqldb-1.0.jar: HikariCP-2.7.8.jarpkg:maven/com.zaxxer/HikariCP@2.7.8 034
spring-music-sqldb-1.0.jar: LatencyUtils-2.0.3.jarcpe:2.3:a:utils_project:utils:2.0.3:*:*:*:*:*:*:*pkg:maven/org.latencyutils/LatencyUtils@2.0.3 0Highest19
spring-music-sqldb-1.0.jar: activation-1.1.jarpkg:maven/javax.activation/activation@1.1 032
spring-music-sqldb-1.0.jar: adal4j-1.6.0.jarcpe:2.3:a:microsoft:azure_active_directory:1.6.0:*:*:*:*:*:*:*pkg:maven/com.microsoft.azure/adal4j@1.6.0HIGH1Low24
spring-music-sqldb-1.0.jar: adapter-rxjava-2.1.0.jarpkg:maven/com.squareup.retrofit2/adapter-rxjava@2.1.0 023
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jarpkg:maven/org.webjars/angular-ui@0.4.0-2 023
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui-ieshiv.js 00
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui-ieshiv.min.js 00
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui.js 00
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui.min.js 00
spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: webjars-requirejs.js 00
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jarpkg:maven/org.webjars/angular-ui-bootstrap@0.10.0-1 017
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap-tpls.js 00
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap-tpls.min.js 00
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap.js 00
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap.min.js 00
spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: webjars-requirejs.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jarcpe:2.3:a:angularjs:angularjs:1.2.16:*:*:*:*:*:*:*pkg:javascript/angularjs@1.2.16
pkg:maven/org.webjars/angularjs@1.2.16
HIGH16High18
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af-na.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af-za.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_am-et.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_am.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-001.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ae.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-bh.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-dz.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-eg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-iq.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-jo.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-kw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-lb.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ly.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ma.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-om.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-qa.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sa.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sd.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sy.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-tn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ye.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bg-bg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn-bd.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca-ad.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca-es.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_cs-cz.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_cs.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_da-dk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_da.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-at.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-be.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-ch.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-de.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-li.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-lu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el-cy.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el-gr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-as.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-au.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bb.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-be.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bm.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bz.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ca.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-dsrt-us.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-dsrt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-fm.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gb.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gy.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-hk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ie.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-iso.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-jm.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mh.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mp.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-na.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-nz.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ph.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-sg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-tc.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-tt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-um.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-us.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-vg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-vi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-za.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-zw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-419.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ar.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-bo.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-cl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-co.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-cr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-do.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ea.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ec.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-es.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-gq.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-gt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-hn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ic.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-mx.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ni.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pa.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pe.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-py.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-sv.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-us.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-uy.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ve.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_et-ee.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_et.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_eu-es.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_eu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa-af.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa-ir.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fi-fi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fil-ph.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fil.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-be.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bf.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bj.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ca.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cd.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cf.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ch.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ci.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cm.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-dj.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-fr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ga.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gf.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gp.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gq.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-km.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-lu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mc.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mf.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mg.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ml.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mq.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ne.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-re.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-yt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gl-es.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gsw-ch.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gsw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gu-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_he-il.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_he.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hi-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hr-hr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hu-hu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_id-id.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_id.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_is-is.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_is.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it-it.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it-sm.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_iw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ja-jp.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ja.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_kn-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_kn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ko-kr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ko.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ln-cd.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ln.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lt-lt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lv-lv.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lv.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ml-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ml.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mr-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ms-my.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ms.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mt-mt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-cw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-nl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-sx.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_no.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_or-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_or.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pl-pl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt-br.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt-pt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ro-ro.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ro.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ru-ru.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ru.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sk-sk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sl-si.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sq-al.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sq.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr-cyrl-rs.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr-latn-rs.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sv-se.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sv.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sw-tz.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ta-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ta.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_te-in.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_te.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_th-th.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_th.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tl.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tr-tr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tr.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_uk-ua.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_uk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ur-pk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ur.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_vi-vn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_vi.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-cn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-hans-cn.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-hk.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-tw.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zu-za.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zu.js 00
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-scenario.jspkg:javascript/angularjs@1.2.16
pkg:javascript/jquery@1.10.2
HIGH*216
spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: webjars-requirejs.js 00
spring-music-sqldb-1.0.jar: antlr-2.7.7.jarpkg:maven/antlr/antlr@2.7.7 017
spring-music-sqldb-1.0.jar: aspectjweaver-1.8.13.jarpkg:maven/org.aspectj/aspectjweaver@1.8.13 040
spring-music-sqldb-1.0.jar: azure-client-runtime-1.0.0.jarpkg:maven/com.microsoft.azure/azure-client-runtime@1.0.0 025
spring-music-sqldb-1.0.jar: azure-keyvault-1.0.0.jarcpe:2.3:a:microsoft:azure_sdk_for_java:1.0.0:*:*:*:*:*:*:*pkg:maven/com.microsoft.azure/azure-keyvault@1.0.0 0Low28
spring-music-sqldb-1.0.jar: bootstrap-3.1.1.jarpkg:javascript/bootstrap@3.1.1
pkg:maven/org.webjars/bootstrap@3.1.1
MEDIUM1018
spring-music-sqldb-1.0.jar: bootstrap-3.1.1.jar: webjars-requirejs.js 00
spring-music-sqldb-1.0.jar: bson-3.6.3.jarcpe:2.3:a:mongodb:bson:3.6.3:*:*:*:*:*:*:*pkg:maven/org.mongodb/bson@3.6.3 0Highest28
spring-music-sqldb-1.0.jar: classmate-1.3.4.jarpkg:maven/com.fasterxml/classmate@1.3.4 053
spring-music-sqldb-1.0.jar: client-runtime-1.0.0.jarpkg:maven/com.microsoft.rest/client-runtime@1.0.0 027
spring-music-sqldb-1.0.jar: commons-codec-1.11.jarpkg:maven/commons-codec/commons-codec@1.11 0102
spring-music-sqldb-1.0.jar: commons-collections4-4.1.jarcpe:2.3:a:apache:commons_collections:4.1:*:*:*:*:*:*:*pkg:maven/org.apache.commons/commons-collections4@4.1 0Highest102
spring-music-sqldb-1.0.jar: commons-lang3-3.7.jarpkg:maven/org.apache.commons/commons-lang3@3.7MEDIUM1138
spring-music-sqldb-1.0.jar: converter-jackson-2.1.0.jarpkg:maven/com.squareup.retrofit2/converter-jackson@2.1.0 023
spring-music-sqldb-1.0.jar: dom4j-1.6.1.jarcpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*pkg:maven/dom4j/dom4j@1.6.1
pkg:maven/org.zenframework.z8.dependencies.commons/dom4j-1.6.1@2.0
CRITICAL2Highest137
spring-music-sqldb-1.0.jar: gson-2.8.2.jarcpe:2.3:a:google:gson:2.8.2:*:*:*:*:*:*:*pkg:maven/com.google.code.gson/gson@2.8.2HIGH2Highest24
spring-music-sqldb-1.0.jar: guava-20.0.jarcpe:2.3:a:google:guava:20.0:*:*:*:*:*:*:*pkg:maven/com.google.guava/guava@20.0HIGH3Highest19
spring-music-sqldb-1.0.jar: h2-1.4.197.jarcpe:2.3:a:h2database:h2:1.4.197:*:*:*:*:*:*:*pkg:maven/com.h2database/h2@1.4.197CRITICAL5Highest45
spring-music-sqldb-1.0.jar: h2-1.4.197.jar: data.zip: table.js 00
spring-music-sqldb-1.0.jar: h2-1.4.197.jar: data.zip: tree.js 00
spring-music-sqldb-1.0.jar: hibernate-commons-annotations-5.0.1.Final.jarpkg:maven/org.hibernate.common/hibernate-commons-annotations@5.0.1.Final 049
spring-music-sqldb-1.0.jar: hibernate-core-5.2.16.Final.jarcpe:2.3:a:hibernate:hibernate_orm:5.2.16:*:*:*:*:*:*:*pkg:maven/org.hibernate/hibernate-core@5.2.16.FinalHIGH2Low44
spring-music-sqldb-1.0.jar: hibernate-jpa-2.1-api-1.0.0.Final.jarpkg:maven/org.hibernate.javax.persistence/hibernate-jpa-2.1-api@1.0.0.Final 052
spring-music-sqldb-1.0.jar: hibernate-validator-6.0.9.Final.jarcpe:2.3:a:hibernate:hibernate-validator:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:hibernate_validator:6.0.9:*:*:*:*:*:*:*
pkg:maven/org.hibernate.validator/hibernate-validator@6.0.9.FinalMEDIUM4Highest31
spring-music-sqldb-1.0.jar: jackson-annotations-2.9.0.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.9.0:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.9.0MEDIUM1Low36
spring-music-sqldb-1.0.jar: jackson-core-2.9.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.9.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.core/jackson-core@2.9.5MEDIUM2Low44
spring-music-sqldb-1.0.jar: jackson-databind-2.9.5.jarcpe:2.3:a:fasterxml:jackson-databind:2.9.5:*:*:*:*:*:*:*
cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.5:*:*:*:*:*:*:*
pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.5CRITICAL65Highest40
spring-music-sqldb-1.0.jar: jackson-datatype-jdk8-2.9.5.jarcpe:2.3:a:fasterxml:jackson-modules-java8:2.9.5:*:*:*:*:*:*:*pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.9.5MEDIUM1Low38
spring-music-sqldb-1.0.jar: jackson-datatype-joda-2.9.5.jarpkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-joda@2.9.5 040
spring-music-sqldb-1.0.jar: jandex-2.0.3.Final.jarpkg:maven/org.jboss/jandex@2.0.3.Final 039
spring-music-sqldb-1.0.jar: javassist-3.22.0-GA.jarpkg:maven/org.javassist/javassist@3.22.0-GA 055
spring-music-sqldb-1.0.jar: javax.annotation-api-1.3.2.jarpkg:maven/javax.annotation/javax.annotation-api@1.3.2 045
spring-music-sqldb-1.0.jar: javax.transaction-api-1.2.jarpkg:maven/javax.transaction/javax.transaction-api@1.2 043
spring-music-sqldb-1.0.jar: jboss-logging-3.3.2.Final.jarpkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final 043
spring-music-sqldb-1.0.jar: jcip-annotations-1.0-1.jarpkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 024
spring-music-sqldb-1.0.jar: joda-time-2.9.9.jarpkg:maven/joda-time/joda-time@2.9.9 044
spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jarpkg:maven/org.webjars/jquery@2.1.0-2MEDIUM117
spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: jquery.jspkg:javascript/jquery@2.1.0MEDIUM*53
spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: jquery.min.jspkg:javascript/jquery@2.1.0MEDIUM*53
spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: webjars-requirejs.js 00
spring-music-sqldb-1.0.jar: json-smart-1.3.1.jarcpe:2.3:a:json-smart_project:json-smart:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:json-smart_project:json-smart-v1:1.3.1:*:*:*:*:*:*:*
pkg:maven/net.minidev/json-smart@1.3.1HIGH3Highest26
spring-music-sqldb-1.0.jar: jul-to-slf4j-1.7.25.jarpkg:maven/org.slf4j/jul-to-slf4j@1.7.25 025
spring-music-sqldb-1.0.jar: lang-tag-1.7.jarpkg:maven/com.nimbusds/lang-tag@1.7 046
spring-music-sqldb-1.0.jar: lettuce-core-5.0.3.RELEASE.jarpkg:maven/io.lettuce/lettuce-core@5.0.3.RELEASE 038
spring-music-sqldb-1.0.jar: log4j-api-2.10.0.jarcpe:2.3:a:apache:log4j:2.10.0:*:*:*:*:*:*:*pkg:maven/org.apache.logging.log4j/log4j-api@2.10.0LOW1Highest43
spring-music-sqldb-1.0.jar: log4j-to-slf4j-2.10.0.jarpkg:maven/org.apache.logging.log4j/log4j-to-slf4j@2.10.0 039
spring-music-sqldb-1.0.jar: logback-classic-1.2.3.jarcpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-classic@1.2.3HIGH2Highest30
spring-music-sqldb-1.0.jar: logback-core-1.2.3.jarcpe:2.3:a:qos:logback:1.2.3:*:*:*:*:*:*:*pkg:maven/ch.qos.logback/logback-core@1.2.3HIGH4Highest30
spring-music-sqldb-1.0.jar: logging-interceptor-3.3.1.jarcpe:2.3:a:squareup:okhttp:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:squareup:okhttp3:3.3.1:*:*:*:*:*:*:*
pkg:maven/com.squareup.okhttp3/logging-interceptor@3.3.1MEDIUM2Highest19
spring-music-sqldb-1.0.jar: mail-1.4.7.jarpkg:maven/javax.mail/mail@1.4.7 043
spring-music-sqldb-1.0.jar: micrometer-core-1.0.3.jarpkg:maven/io.micrometer/micrometer-core@1.0.3 057
spring-music-sqldb-1.0.jar: mongodb-driver-3.6.3.jarpkg:maven/org.mongodb/mongodb-driver@3.6.3MEDIUM121
spring-music-sqldb-1.0.jar: mongodb-driver-core-3.6.3.jarcpe:2.3:a:mongodb:java_driver:3.6.3:*:*:*:*:*:*:*pkg:maven/org.mongodb/mongodb-driver-core@3.6.3 0Highest28
spring-music-sqldb-1.0.jar: mssql-jdbc-6.2.2.jre8.jarcpe:2.3:a:www-sql_project:www-sql:6.2.2.jre8:*:*:*:*:*:*:*pkg:maven/com.microsoft.sqlserver/mssql-jdbc@6.2.2.jre8 0Highest30
spring-music-sqldb-1.0.jar: mysql-connector-java-5.1.46.jarcpe:2.3:a:oracle:mysql_connector\/j:5.1.46:*:*:*:*:*:*:*
cpe:2.3:a:www-sql_project:www-sql:5.1.46:*:*:*:*:*:*:*
pkg:maven/mysql/mysql-connector-java@5.1.46HIGH7High39
spring-music-sqldb-1.0.jar: netty-codec-4.1.23.Final.jarcpe:2.3:a:netty:netty:4.1.23:*:*:*:*:*:*:*pkg:maven/io.netty/netty-codec@4.1.23.FinalCRITICAL*16Highest31
spring-music-sqldb-1.0.jar: netty-common-4.1.23.Final.jar (shaded: org.jctools:jctools-core:2.1.1)pkg:maven/org.jctools/jctools-core@2.1.1 09
spring-music-sqldb-1.0.jar: netty-common-4.1.23.Final.jarcpe:2.3:a:netty:netty:4.1.23:*:*:*:*:*:*:*pkg:maven/io.netty/netty-common@4.1.23.FinalCRITICAL*16Highest29
spring-music-sqldb-1.0.jar: netty-transport-4.1.23.Final.jar | cpe:2.3:a:netty:netty:4.1.23:*:*:*:*:*:*:* | pkg:maven/io.netty/netty-transport@4.1.23.Final | CRITICAL* | 15 | Highest | 29
spring-music-sqldb-1.0.jar: nimbus-jose-jwt-10.3.1.jar (shaded: com.google.code.gson:gson:2.12.1) | cpe:2.3:a:google:gson:2.12.1:*:*:*:*:*:*:* | pkg:maven/com.google.code.gson/gson@2.12.1 |  | 0 | Highest | 9
spring-music-sqldb-1.0.jar: nimbus-jose-jwt-10.3.1.jar | cpe:2.3:a:connect2id:nimbus_jose\+jwt:10.3.1:*:*:*:*:*:*:* | pkg:maven/com.nimbusds/nimbus-jose-jwt@10.3.1 |  | 0 | Highest | 50
spring-music-sqldb-1.0.jar: oauth2-oidc-sdk-5.24.1.jar |  | pkg:maven/com.nimbusds/oauth2-oidc-sdk@5.24.1 |  | 0 |  | 56
spring-music-sqldb-1.0.jar: okhttp-3.3.1.jar | cpe:2.3:a:squareup:okhttp:3.3.1:*:*:*:*:*:*:*; cpe:2.3:a:squareup:okhttp3:3.3.1:*:*:*:*:*:*:* | pkg:maven/com.squareup.okhttp3/okhttp@3.3.1 | HIGH | 3 | Highest | 17
spring-music-sqldb-1.0.jar: okhttp-urlconnection-3.3.1.jar | cpe:2.3:a:squareup:okhttp:3.3.1:*:*:*:*:*:*:*; cpe:2.3:a:squareup:okhttp3:3.3.1:*:*:*:*:*:*:* | pkg:maven/com.squareup.okhttp3/okhttp-urlconnection@3.3.1 | MEDIUM | 2 | Highest | 17
spring-music-sqldb-1.0.jar: okio-1.8.0.jar | cpe:2.3:a:squareup:okio:1.8.0:*:*:*:*:*:*:* | pkg:maven/com.squareup.okio/okio@1.8.0 | HIGH | 1 | Highest | 15
spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar (shaded: com.ongres.scram:client:1.0.0-beta.2) |  | pkg:maven/com.ongres.scram/client@1.0.0-beta.2 |  | 0 |  | 9
spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar (shaded: com.ongres.scram:common:1.0.0-beta.2) |  | pkg:maven/com.ongres.scram/common@1.0.0-beta.2 |  | 0 |  | 9
spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar | cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.2:*:*:*:*:*:*:* | pkg:maven/org.postgresql/postgresql@42.2.2 | CRITICAL | 7 | Low | 44
spring-music-sqldb-1.0.jar: reactive-streams-1.0.2.jar |  | pkg:maven/org.reactivestreams/reactive-streams@1.0.2 |  | 0 |  | 31
spring-music-sqldb-1.0.jar: reactor-core-3.1.6.RELEASE.jar |  | pkg:maven/io.projectreactor/reactor-core@3.1.6.RELEASE |  | 0 |  | 63
spring-music-sqldb-1.0.jar: retrofit-2.1.0.jar | cpe:2.3:a:squareup:retrofit:2.1.0:*:*:*:*:*:*:* | pkg:maven/com.squareup.retrofit2/retrofit@2.1.0 | HIGH | 1 | Highest | 17
spring-music-sqldb-1.0.jar: rxjava-1.3.8.jar |  | pkg:maven/io.reactivex/rxjava@1.3.8 |  | 0 |  | 59
spring-music-sqldb-1.0.jar: slf4j-api-1.7.25.jar |  | pkg:maven/org.slf4j/slf4j-api@1.7.25 |  | 0 |  | 24
spring-music-sqldb-1.0.jar: snakeyaml-1.19.jar | cpe:2.3:a:snakeyaml_project:snakeyaml:1.19:*:*:*:*:*:*:* | pkg:maven/org.yaml/snakeyaml@1.19 | CRITICAL | 8 | Highest | 41
spring-music-sqldb-1.0.jar: spring-boot-2.0.1.RELEASE.jar | cpe:2.3:a:vmware:spring_boot:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot@2.0.1.RELEASE | CRITICAL | 3 | Highest | 41
spring-music-sqldb-1.0.jar: spring-boot-actuator-2.0.1.RELEASE.jar | cpe:2.3:a:vmware:spring_boot:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot-actuator@2.0.1.RELEASE | CRITICAL | 4 | Highest | 43
spring-music-sqldb-1.0.jar: spring-boot-actuator-autoconfigure-2.0.1.RELEASE.jar | cpe:2.3:a:vmware:spring_boot:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot-actuator-autoconfigure@2.0.1.RELEASE | CRITICAL | 4 | Highest | 46
spring-music-sqldb-1.0.jar: spring-boot-starter-web-2.0.1.RELEASE.jar | cpe:2.3:a:vmware:spring_boot:2.0.1:release:*:*:*:*:*:*; cpe:2.3:a:web_project:web:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.boot/spring-boot-starter-web@2.0.1.RELEASE | CRITICAL | 3 | Highest | 36
spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.3.0) | cpe:2.3:a:fasterxml:jackson-modules-java8:2.3.0:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.3.0 | MEDIUM | 1 | Low | 16
spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.3.3) | cpe:2.3:a:fasterxml:jackson-modules-java8:2.3.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-core@2.3.3 | MEDIUM | 1 | Low | 16
spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.3.3) | cpe:2.3:a:fasterxml:jackson-databind:2.3.3:*:*:*:*:*:*:*; cpe:2.3:a:fasterxml:jackson-modules-java8:2.3.3:*:*:*:*:*:*:* | pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.3.3 | CRITICAL | 48 | Highest | 16
spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar | cpe:2.3:a:pivotal_software:cloud_foundry:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.cloud/spring-cloud-cloudfoundry-connector@2.0.1.RELEASE | CRITICAL | 8 | Highest | 32
spring-music-sqldb-1.0.jar: spring-cloud-connectors-core-2.0.1.RELEASE.jar |  | pkg:maven/org.springframework.cloud/spring-cloud-connectors-core@2.0.1.RELEASE |  | 0 |  | 45
spring-music-sqldb-1.0.jar: spring-cloud-spring-service-connector-2.0.1.RELEASE.jar | cpe:2.3:a:service_project:service:2.0.1:release:*:*:*:*:*:* | pkg:maven/org.springframework.cloud/spring-cloud-spring-service-connector@2.0.1.RELEASE |  | 0 | High | 45
spring-music-sqldb-1.0.jar: spring-context-5.0.5.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.0.5:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-context@5.0.5.RELEASE | CRITICAL* | 14 | Highest | 36
spring-music-sqldb-1.0.jar: spring-core-5.0.5.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.0.5:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-core@5.0.5.RELEASE | CRITICAL* | 13 | Highest | 38
spring-music-sqldb-1.0.jar: spring-data-commons-2.0.6.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_data_commons:2.0.6:release:*:*:*:*:*:* | pkg:maven/org.springframework.data/spring-data-commons@2.0.6.RELEASE | HIGH | 1 | Highest | 26
spring-music-sqldb-1.0.jar: spring-data-jpa-2.0.6.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_data_jpa:2.0.6:release:*:*:*:*:*:* | pkg:maven/org.springframework.data/spring-data-jpa@2.0.6.RELEASE | MEDIUM | 2 | Highest | 28
spring-music-sqldb-1.0.jar: spring-data-keyvalue-2.0.6.RELEASE.jar |  | pkg:maven/org.springframework.data/spring-data-keyvalue@2.0.6.RELEASE |  | 0 |  | 26
spring-music-sqldb-1.0.jar: spring-data-mongodb-2.0.6.RELEASE.jar | cpe:2.3:a:vmware:spring_data_mongodb:2.0.6:release:*:*:*:*:*:* | pkg:maven/org.springframework.data/spring-data-mongodb@2.0.6.RELEASE | CRITICAL | 1 | Highest | 26
spring-music-sqldb-1.0.jar: spring-data-redis-2.0.6.RELEASE.jar |  | pkg:maven/org.springframework.data/spring-data-redis@2.0.6.RELEASE |  | 0 |  | 26
spring-music-sqldb-1.0.jar: spring-expression-5.0.5.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.0.5:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-expression@5.0.5.RELEASE | CRITICAL* | 15 | Highest | 40
spring-music-sqldb-1.0.jar: spring-web-5.0.5.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:web_project:web:5.0.5:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-web@5.0.5.RELEASE | CRITICAL* | 21 | Highest | 38
spring-music-sqldb-1.0.jar: spring-webmvc-5.0.5.RELEASE.jar | cpe:2.3:a:pivotal_software:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:springsource:spring_framework:5.0.5:release:*:*:*:*:*:*; cpe:2.3:a:vmware:spring_framework:5.0.5:release:*:*:*:*:*:* | pkg:maven/org.springframework/spring-webmvc@5.0.5.RELEASE | CRITICAL* | 15 | Highest | 38
spring-music-sqldb-1.0.jar: tomcat-embed-core-8.5.29.jar | cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*; cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.29:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@8.5.29 | CRITICAL* | 39 | Highest | 23
spring-music-sqldb-1.0.jar: tomcat-embed-el-8.5.29.jar |  | pkg:maven/org.apache.tomcat.embed/tomcat-embed-el@8.5.29 |  | 0 |  | 24
spring-music-sqldb-1.0.jar: tomcat-embed-websocket-8.5.29.jar | cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*; cpe:2.3:a:apache_tomcat:apache_tomcat:8.5.29:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@8.5.29 | CRITICAL* | 39 | Highest | 27
spring-music-sqldb-1.0.jar: validation-api-2.0.1.Final.jar |  | pkg:maven/javax.validation/validation-api@2.0.1.Final |  | 0 |  | 49
status.js |  |  |  | 0 |  | 0

* indicates the dependency has a known exploited vulnerability

Dependencies (vulnerable)

albums.js

File Path: /github/workspace/build/resources/main/static/js/albums.js
MD5: b6df3deaf2b0bff56b50ca6fd50d71ef
SHA1: 5cae9c51e15021bb51fcbb99f7a25ae14aacb93a
SHA256:02aa785ae28edecf76f122b74842fdb457b75453dc98c2ded200605b1df18332

Identifiers

  • None

app.js

File Path: /github/workspace/build/resources/main/static/js/app.js
MD5: c56a39bb605832ad75abebdc4b700585
SHA1: e8047478e12c01fcd89e38d249aad4990b98cb45
SHA256:65b52c17592b496f6941156c48bf1fa2797538311f247395e621fe4cf037f142

Identifiers

  • None

errors.js

File Path: /github/workspace/build/resources/main/static/js/errors.js
MD5: 22ba03b9ba7a4deab4d4545bd02b464c
SHA1: f31d03be28698f9450bc1609ba37034f30665d57
SHA256:03efda7955d3e99b8067d6d27c97dc14ae638fbcbe83c728edd7f6e35f7b1c35

Identifiers

  • None

gradle-wrapper.jar

File Path: /github/workspace/gradle/wrapper/gradle-wrapper.jar
MD5: 83e4276503aa8ca4e50b4221e406c214
SHA1: 9454732292541339b18084df0bdba55b027af937
SHA256:88b5b31f390a268ab3773df580d83fd1e388f49c2b685f78a16600577bd72fe2

Identifiers

CVE-2019-15052  

The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.
CWE-522 Insufficiently Protected Credentials

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N


CVE-2023-35947  

Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.



### Impact

This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.

* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.

To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.

Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.

### Patches

A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name.

It is recommended that users upgrade to a patched version.

### Workarounds

There is no workaround.

* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.

### References

* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)
* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A


CVE-2021-29428  

In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. Gradle builds could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. This vulnerability impacted builds using precompiled script plugins written in Kotlin DSL and tests for Gradle plugins written using ProjectBuilder or TestKit. If you are on Windows or modern versions of macOS, you are not vulnerable. If you are on a Unix-like operating system with the "sticky" bit set on your system temporary directory, you are not vulnerable. The problem has been patched and released with Gradle 7.0. As a workaround, on Unix-like operating systems, ensure that the "sticky" bit is set. This only allows the original user (or root) to delete a file. If you are unable to change the permissions of the system temporary directory, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only. For additional details refer to the referenced GitHub Security Advisory.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.4)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P


CVE-2020-11979  

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.
CWE-379 Creation of Temporary File in Directory with Insecure Permissions, NVD-CWE-Other

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2021-32751  

Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in their application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. For applications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with the Java command.
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (8.5)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C


CVE-2023-44387  

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too many permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.
CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:2.0/RC:R/MAV:A


CVE-2019-11065  

Gradle versions from 1.4 to 5.3.1 use an insecure HTTP URL to download dependencies when the built-in JavaScript or CoffeeScript Gradle plugins are used. Dependency artifacts could have been maliciously compromised by a MITM attack against the ajax.googleapis.com web site.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2019-16370  

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


CVE-2021-29429  

In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. Some builds could be vulnerable to a local information disclosure. Remote files accessed through TextResourceFactory are downloaded into the system temporary directory first. Sensitive information contained in these files can be exposed to other local users on the same system. If you do not use the `TextResourceFactory` API, you are not vulnerable. As of Gradle 7.0, uses of the system temporary directory have been moved to the Gradle User Home directory. By default, this directory is restricted to the user running the build. As a workaround, set a more restrictive umask that removes read access to other users. When files are created in the system temporary directory, they will not be accessible to other users. If you are unable to change your system's umask, you can move the Java temporary directory by setting the System Property `java.io.tmpdir`. The new path needs to limit permissions to the build user only.
CWE-377 Insecure Temporary File

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N


CVE-2023-35946  

Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:1.8/RC:R/MAV:A


CVE-2023-42445  

Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files that it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:1.6/RC:R/MAV:A


info.js

File Path: /github/workspace/build/resources/main/static/js/info.js
MD5: 26f4537eebc0c44b3b5768822f588bd4
SHA1: 8b9b14b5e86740cc17a5ec1f75b544bc38c26324
SHA256:8a8c3235f45f5ef27de6fdfee9a25970ab9bfa8fb7eb4fbc14f7ffb91bef7360

Identifiers

  • None

jacocoagent.jar (shaded: org.jacoco:org.jacoco.agent.rt:0.8.9)

Description:

JaCoCo Java Agent

File Path: /github/workspace/build/tmp/expandedArchives/org.jacoco.agent-0.8.9.jar_3a0f8c0154949e09129394b57a7a1563/jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.agent.rt/pom.xml
MD5: 06f8be91bf1dee590f62342c16f4cb5e
SHA1: b76c6513056458a597ff2fee17812306d1517b1d
SHA256:d1e4d1e96612c192aa62af1e4fb053720b74b890d38b5cec03bc4a0fa62b58b2

Identifiers

jacocoagent.jar (shaded: org.jacoco:org.jacoco.core:0.8.9)

Description:

JaCoCo Core

File Path: /github/workspace/build/tmp/expandedArchives/org.jacoco.agent-0.8.9.jar_3a0f8c0154949e09129394b57a7a1563/jacocoagent.jar/META-INF/maven/org.jacoco/org.jacoco.core/pom.xml
MD5: a289ecd9035330a8892a80e3eb53c046
SHA1: 04abbbb943140ca9f7f6c029eb554c38b7f40c1f
SHA256:5404f7052765a64374d275367fd9485bb5996b369113c89a8557d8f024810f02

Identifiers

jacocoagent.jar

Description:

JaCoCo Agent

File Path: /github/workspace/build/tmp/expandedArchives/org.jacoco.agent-0.8.9.jar_3a0f8c0154949e09129394b57a7a1563/jacocoagent.jar
MD5: e852c5e07bc13ffdc6a68303799f80ad
SHA1: ad836d1c585c7e1dbf5cf828efa34528d9700303
SHA256:191734a0b7ef97606e6a09ae584c4acab47eb30fcb4c555d3d440d4e0d71d73d

Identifiers

prettify.js

File Path: /github/workspace/build/reports/jacoco/test/html/jacoco-resources/prettify.js
MD5: 4b337aaa3c606cfc1a6ff1986db2c8cb
SHA1: 290093755739da933c180ae7e7ebf283724dad1d
SHA256:743c6c4cab9499cd0bfe18a5a62281eccce843f47ec75eedb32eeb29c755aa68

Identifiers

  • None

report.js

File Path: /github/workspace/build/reports/tests/test/js/report.js
MD5: de20378567ed128a8084bb84fa9a704c
SHA1: e00fae3553098953945837c2dce0634b35ab1932
SHA256:fc89c6d002d18f4662065c9887b2cda8f8486f2737d4ad0f2fdeac0ad58a44dc

Identifiers

  • None

sort.js

File Path: /github/workspace/build/reports/jacoco/test/html/jacoco-resources/sort.js
MD5: d101d06d26e7deaf2b224e0d2137509a
SHA1: 2c715325b546adf5beff3d624ce002a7256e3efe
SHA256:7ff293dabc89d68e33d5611f2de0dbbbcfed7e0177726fab5f9dcc0b91f593af

Identifiers

  • None

spring-music-sqldb-1.0.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar
MD5: 63abd11d8c1c9128c71aa30725f84acd
SHA1: 7383643a26f9fd8d899be51c3df79737d7829646
SHA256:7c29a7cdfab9a6498d4ef53a4e1a4e8908f8103a51c602dd2e2cc48203ad5f9e

Identifiers

  • None

spring-music-sqldb-1.0.jar: HdrHistogram-2.1.10.jar

Description:

HdrHistogram supports the recording and analyzing sampled data value counts across a configurable integer value range with configurable value precision within the range. Value precision is expressed as the number of significant digits in the value recording, and provides control over value quantization behavior across the value range and the subsequent value resolution at any given level.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
BSD-2-Clause: https://opensource.org/licenses/BSD-2-Clause
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/HdrHistogram-2.1.10.jar
MD5: f7fd592029a3f8cc3b3c2488d43c6d8d
SHA1: 9e1ac84eed220281841b75e72fb9de5a297fbf04
SHA256:6a65119ee9372e58b490e889e9f8293802efd3bbc2549dd47b6e1259cd12402c

Identifiers

spring-music-sqldb-1.0.jar: HikariCP-2.7.8.jar

Description:

Ultimate JDBC Connection Pool

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/HikariCP-2.7.8.jar
MD5: 2066841de0d44c07a9d1b502f1b6cf94
SHA1: 4a3a604fa2efa89621aa498d04e000b2bed90c39
SHA256:9e6a79789bcd46ccffe1fc5a92be2b7b94ddc7f538c32f01952536b22d23fd96

Identifiers

spring-music-sqldb-1.0.jar: LatencyUtils-2.0.3.jar

Description:

LatencyUtils is a package that provides latency recording and reporting utilities.

License:

Public Domain, per Creative Commons CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/LatencyUtils-2.0.3.jar
MD5: 2ad12e1ef7614cecfb0483fa9ac6da73
SHA1: 769c0b82cb2421c8256300e907298a9410a2a3d3
SHA256:a32a9ffa06b2f4e01c5360f8f9df7bc5d9454a5d373cd8f361347fa5a57165ec

Identifiers

spring-music-sqldb-1.0.jar: activation-1.1.jar

Description:

JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50
SHA256:2881c79c9d6ef01c58e62beea13e9d1ac8b8baa16f2fc198ad6e6776defdcdd3

Identifiers

spring-music-sqldb-1.0.jar: adal4j-1.6.0.jar

Description:

Azure active directory library for Java gives you the ability to add Windows Azure Active Directory authentication to your web application with just a few lines of additional code. Using our ADAL SDKs you can quickly and easily extend your existing application to all the employees that use Windows Azure AD and Active Directory on-premises using Active Directory Federation Services, including Office365 customers.

License:

MIT License
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/adal4j-1.6.0.jar
MD5: ea5ee234502edd75d6b60704eff6028d
SHA1: 5075875d651ed11b59f4053cd033ceb8bbc1a8e3
SHA256:f3f8195752c98cac306617363ccf0ef19a0475af3960ee1847b929e77fb63eac

Identifiers

CVE-2021-42306  

An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate keyCredential on an Azure AD Application or Service Principal (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.
Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application.
Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.
For more details on this issue, please refer to the MSRC Blog Entry.
CWE-522 Insufficiently Protected Credentials

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N


spring-music-sqldb-1.0.jar: adapter-rxjava-2.1.0.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/adapter-rxjava-2.1.0.jar
MD5: 2c148d6edaddd4dc63e00947550e1bd5
SHA1: 693eddc23e87ab13f9cf5001707ce8e7e1d1ff01
SHA256:30d08849b7382549243e8a7b65c7cbcd8b1f30c97e03153d0211f87efd7be4c1

Identifiers

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar

Description:

WebJar for AngularUI

License:

MIT License: https://github.com/angular-ui/angular-ui/blob/master/LICENSE
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar
MD5: 040d7d520f8bec40e6cb91514bc1212e
SHA1: 8deff747c57910574bfa757abce9e1873dc015ce
SHA256:61698ce01faa019cbe1a4aacd68163f70d4d16d0f4f4d1dd54e7d19fb928f886

Identifiers

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui-ieshiv.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar/META-INF/resources/webjars/angular-ui/0.4.0/angular-ui-ieshiv.js
MD5: db2961939a0a8ea4fa8cd627fa8ebd42
SHA1: d3f1375472c9d88157cdee8a410ebaf092429d53
SHA256:269c614f28c2a9470a6f1c3642a1734986a949f9272a0ce52e1c9d7eb888028f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui-ieshiv.min.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar/META-INF/resources/webjars/angular-ui/0.4.0/angular-ui-ieshiv.min.js
MD5: f77a7f92be3f43f1770740a1bc4a36d1
SHA1: 1d2a9dbbb947fa7d245beb6fe0e45269d099fcb4
SHA256:66a6f6df130eaef6d1c61bddbcfb21e863c070d1fb87f5cb6fe11a58f17242d3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar/META-INF/resources/webjars/angular-ui/0.4.0/angular-ui.js
MD5: 78d98a029a2b7721c92c1d8fd61238d5
SHA1: 6de051ea1e3fc9891b1da1c57bb7c06ff3203c6e
SHA256:f9d01b24e8e56ae4378443ebc65513c322aeb5af28f5cb6364ec02e077f7fcaa

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: angular-ui.min.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar/META-INF/resources/webjars/angular-ui/0.4.0/angular-ui.min.js
MD5: b33f486ae57ed694809e6eaad880be82
SHA1: 0a5a807ead812ec3bd0b9ce8512aefc61fc7a877
SHA256:a410f8bf4a06b2ffd097fd7630c761dee535c9fdbe4e0f0de309b33525f7adb3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-0.4.0-2.jar: webjars-requirejs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-0.4.0-2.jar/META-INF/resources/webjars/angular-ui/0.4.0/webjars-requirejs.js
MD5: edb68afe6f8ceec99a4fb9f33632b6e4
SHA1: b3732c46dd14c6c09e68fe83029872838639343b
SHA256:51e31f0b6e46545f6b293ed4cc1688adae02386e2c5dde9530f238ccedfa4b8b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar

Description:

WebJar for Angular UI Bootstrap

License:

MIT License: https://github.com/angular-ui/bootstrap/blob/master/LICENSE
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar
MD5: 85ab8f59807a4097e7706c7305d3fd4c
SHA1: 36425a16aca739ff1123661fa763333142bdf311
SHA256:a1a10220615d75ff46f0315e3e575f1dff8738102ac7e2676e225beb73bb3fb2

Identifiers

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap-tpls.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar/META-INF/resources/webjars/angular-ui-bootstrap/0.10.0/ui-bootstrap-tpls.js
MD5: 5274f0a1f411f1e8a7f7eae0620361fd
SHA1: e21e017665abea9cc2f06f06286fc5b28e2fc117
SHA256:769d5f32ce5fcbb7883b88bb39d748a6e994893ebb024627d76410fc9bcdc7aa

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap-tpls.min.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar/META-INF/resources/webjars/angular-ui-bootstrap/0.10.0/ui-bootstrap-tpls.min.js
MD5: 148a1e75b8734cd4b72269e2c9aec02d
SHA1: 91d6e5c34f69c59f3c6627a212c5504ab4131343
SHA256:9ac24f79e71caa6403f3417d207e60368f3e01dae2765c6172c8fceea2f3721b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar/META-INF/resources/webjars/angular-ui-bootstrap/0.10.0/ui-bootstrap.js
MD5: 9b97833cf878ec391e87ead3669b50fc
SHA1: 63fd5ee6b3d4daf60613139f2ae0a442d8fd80e2
SHA256:900b2db42ca78a4238c14dfdcf7fb801f57387d25495fa4735f6c82255c48d0b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: ui-bootstrap.min.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar/META-INF/resources/webjars/angular-ui-bootstrap/0.10.0/ui-bootstrap.min.js
MD5: 257ab601ed6a20539186c31ac61aea12
SHA1: c39771e87b36d9abbf56aae2c76404090550330d
SHA256:7ea610a66460266f2e709ec9360f69317dae6865c0d6e5c4275e49a15966c497

Identifiers

  • None

spring-music-sqldb-1.0.jar: angular-ui-bootstrap-0.10.0-1.jar: webjars-requirejs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angular-ui-bootstrap-0.10.0-1.jar/META-INF/resources/webjars/angular-ui-bootstrap/0.10.0/webjars-requirejs.js
MD5: 5dade7519d4cb0442bc701e1c1884a09
SHA1: ce306175f45b2c6ab4a1d49f82e41f2d1e8c17c0
SHA256:f1eb6d709cfb26e227d72e601eed63f6d455080eee0790ee6f6b1a18c0436d97

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar

Description:

WebJar for AngularJS

License:

MIT License: https://github.com/angular/angular.js/blob/master/LICENSE
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar
MD5: a5ee8f1a710c9ace3ca3f85b25307c4f
SHA1: 2a2d9eb9506e014fca469f2669697474c777a8c2
SHA256:5bb4f6167d282e263d4719a87c33e508a6b089610192224b96548fbff847d196

Identifiers

CVE-2019-10768  

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.9

CVE-2022-25869  

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*

CVE-2019-14863 (OSSINDEX)  

angular - mutation Cross-Site Scripting (mXSS) [CVE-2019-14863]

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:angularjs:1.2.16:*:*:*:*:*:*:*

CVE-2020-7676  

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:2.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0

CVE-2023-26116  

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.2.21; versions up to (including) 1.8.3

CVE-2023-26117  

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.0.0; versions up to (including) 1.8.3

CVE-2023-26118  

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.4.9; versions up to (including) 1.8.3

CVE-2024-8373  

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see here (https://docs.angularjs.org/misc/version-support-status).
CWE-791 Incomplete Filtering of Special Elements, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (including) 1.8.3
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Cross-Site Scripting via JSONP (RETIREJS)  

Cross-Site Scripting via JSONP
Unscored:
  • Severity: medium

DOS in $sanitize (RETIREJS)  

DOS in $sanitize
Unscored:
  • Severity: medium

The attribute usemap can be used as a security exploit (RETIREJS)  

The attribute usemap can be used as a security exploit
Unscored:
  • Severity: medium

Universal CSP bypass via add-on in Firefox (RETIREJS)  

Universal CSP bypass via add-on in Firefox
Unscored:
  • Severity: medium

XSS via JQLite DOM manipulation functions in AngularJS (RETIREJS)  

XSS via JQLite DOM manipulation functions in AngularJS
Unscored:
  • Severity: medium

CVE-2025-0716 (RETIREJS)  

Unscored:

  • Severity: low

End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021 (RETIREJS)  

End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021
Unscored:
  • Severity: low

XSS in $sanitize in Safari/Firefox (RETIREJS)  

XSS in $sanitize in Safari/Firefox
Unscored:
  • Severity: low

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af-na.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_af-na.js
MD5: 52b062dd8460f895f78ae2922afe5370
SHA1: 622a9a950180ca89bf8f82bd07fe996423fe4ebc
SHA256:1831a93e826ce84debe66b59ec226ac6e391fe32fe8840903a65bec37acdc269

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af-za.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_af-za.js
MD5: cf53af59608ac752371295d59b95d08f
SHA1: 8bfad7c9c006907bef603878e97342b34d830a82
SHA256:be3389407f81b5acca6fed92bd760f76dea55c24a1b3ec458c1bb4c5a692907f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_af.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_af.js
MD5: 33952d0b922128a216b50dcc714135de
SHA1: 8b3817b599f1a62f1e20bd283e48944b6eb34b06
SHA256:e9b66ef1fa1d2ee2ba2d1cb997158f666f4d43bb5e6593f9e7d71ed896d7030d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_am-et.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_am-et.js
MD5: 94736b059106c512be99a2196eec426f
SHA1: df7e37b8227a028e7de18bd5495586cb74f3932f
SHA256:d5781adba452ed3ea8b0e5f9907c4b7dd18aeb4958b8b318aa0fd9a035976ce3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_am.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_am.js
MD5: 426072230e164a917397ea64a64e84ef
SHA1: a57f29cf3958ece77643e058dd5a8d78946ef7b3
SHA256:84f6ed6d738430f6a8023cac92979504ff5842081118a54df144f352545c3773

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-001.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-001.js
MD5: 2503eb8d5dc0dda7935562da1b8c3b05
SHA1: c040b61fafc48f22d225254752851c9cf710ba51
SHA256:7dc884b5378938a55546d4c2e522e5be0c33e6a06c10297d78fb8f974a327aa1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ae.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-ae.js
MD5: d3f4c9a3e30d6bf510c4102c75a8e5e6
SHA1: b60262eb0996094e657f57b0792f7ff8444d9a58
SHA256:0b59d0fbacabbbc4f82d2371af52ff68ad24f05a6953aaeb733fd51081d022ad

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-bh.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-bh.js
MD5: 13b2e13d7c0cd1444f9638c1898cdffe
SHA1: e0eb25e81a1358dbc67b2c21abb2072a06ab39ff
SHA256:c773e4e8ab72cc9b46840e3f9261f66c033bf49be4ffecf6fd8af5cb44b6aed5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-dz.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-dz.js
MD5: d8cf5006ec70a6239d59b9f08ebd4453
SHA1: da114d7b8ae9a899520aa0285970641e1058b97f
SHA256:3f8c6a901f0dd155da1171ba1ca305af4c7c8a0de2d5afade2f3d264f9ecedb1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-eg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-eg.js
MD5: b47b19ba698a4ec838a477682500ee33
SHA1: d090901c55a8c12857bc9bb5515418994e1de15d
SHA256:3cd88d750d9bcba755c91ed0d41522cb0ea8cbca56bec4d5bfd0dc2c176a02ca

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-iq.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-iq.js
MD5: e143918a9751017d8a8398b612f28708
SHA1: b469414b5493254a9dbd32493e50ae197258a17b
SHA256:41c5ab7033f462a9eee3bebd380f140a47d51b25b2690a282d9fe70d0c0480f8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-jo.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-jo.js
MD5: 333f52ab5f556e4615c6b0e90175adc3
SHA1: 2812afc8efe97bca8430ba19791f544e0602923d
SHA256:d501ccedf6b7c2c8efbdef4886ba7081aa1c10ff71bbb9dd08f809eea71ff03c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-kw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-kw.js
MD5: 181dbddc1db603a6d4f0730faefbd310
SHA1: 2b4378fa3d06562cceaaaf9932163fc9be63fd34
SHA256:7326112f7a25070b9f9374035eaabfd7673d040a7e451745d14239a575648aa0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-lb.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-lb.js
MD5: 7c8849ea2b46f1a5de071e42d53e8d12
SHA1: 8fe79317aca39e06a6e85f6675a8bbb6ac409672
SHA256:d1ecda94e4631bacc277fc9c5f3f29862d185d48c6b6fa85983b0a9554ad1868

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ly.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-ly.js
MD5: e6cce31a43739f6cda94ab6600fc1b82
SHA1: 08a932e7f93ed2f220ea678e1595345952a61021
SHA256:b09d8a9dc41fe0da100c0725b98837f449c0500115a55eceba02a72d0629e30d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ma.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-ma.js
MD5: ab12d975d77ff659ee4e99a523e2f2ea
SHA1: ab53177cf4c8dee84b2ae48540f51dedb71721ae
SHA256:e0ca412bc19f78a219ba091843d2894b8c1bbeeacd52b340d643f3f5acc78d7a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-om.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-om.js
MD5: e883191a5f5b7b63bf60c434abeb2b29
SHA1: 1580f1503b55fd0d93a5f3e892a21e61356400bf
SHA256:6917f819cadca52f215958718b8192d6f21b9804775d06c9fa43f7e258a59ccd

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-qa.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-qa.js
MD5: 433f00ff8d6afaa109c083ae8a3e0a38
SHA1: 012b10d49f3cbe952ec21030bb2dd21b587f8aaf
SHA256:a1e599b972f47694a45d7658f2c5ae0a69381f00c3d415f7773c6cdf90414d70

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sa.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-sa.js
MD5: 015c2cb899d3fd2d92e62b0200c67def
SHA1: c224ba8ac2746633056ea4ffcc483037577bfdf4
SHA256:7ec214ed1ec29ec718e79f4e652a32ebfe2c6e841cda212b27f5a53fabaf47b7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sd.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-sd.js
MD5: c10ad54ab0afff6e603ab8c9642a281d
SHA1: 8d8dcd06f0ee7dc2702bfda3302e8aefdba1e7c6
SHA256:c7f63e47dbb16122f671e08196768c72741983cd5a55f51ba2b62ea84946647d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-sy.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-sy.js
MD5: d84c814380e69e73f5a3bbfdcca08501
SHA1: ae8a0498e857efc1e3757c1648d69b71d42c51af
SHA256:2d856bc816bc75553263899c8a77d7c554a3497305ec2374e163e121de54ee9a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-tn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-tn.js
MD5: 9aad40f8c0579f947d53bfb0cbe70262
SHA1: 2f661457996763737bdd53f96f41166f8761400e
SHA256:519ae7417da58d04b199bb067004353c1683b0d8f56cacee4b74c0f9a3fc6b95

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar-ye.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar-ye.js
MD5: ee7c1c079a8e905ecfd8a48484594c2c
SHA1: eb67c8499dd57160629b2c32fff56ff8f4117f99
SHA256:cdd636b7955f7ea1f7add9b42196904188402cdfe80b9ebb3241c599af5e03a3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ar.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ar.js
MD5: 71b4a9f1b52aec131c59d7b37626735d
SHA1: da2fbde5c6c6d4fce2e966623d61b40cb21d7623
SHA256:249be3f455f268e2a0ce01a9d1fc8ae88f26e369fd0c059472e0219e233a6c8a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bg-bg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_bg-bg.js
MD5: e0b0af6d14a5f281402adea4b3d26be0
SHA1: a38f62aed54b72217f9abf38a8c7ffcf1d99a819
SHA256:82eee0539d08160c6ddda07c13842aacfd877a6343a8a6d56bc10812f4121231

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_bg.js
MD5: b2da12ecd26851816dadd6817f616b20
SHA1: 325daae5f701e669933e85919e83f8a157bbe058
SHA256:a83b43bf1b4b4d0e0a0da47d4abca821025153b9922418dc924d77b941045337

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn-bd.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_bn-bd.js
MD5: 63fdb4d8f7211eea252b5fac1656787c
SHA1: e68ce678d8f1bf527da56bf2fa20776968270640
SHA256:32e39352ffa4731775da9807e8747f81f16d4662a52903a215817c73d1c65c48

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_bn-in.js
MD5: 9a663da5fb4e9894342c35908429e7e0
SHA1: c7cc4bcfa0fcb4ca6169a8f412a04e79289947af
SHA256:6362b793bc56d1c0b64d4a8084ba78fc184be01e76807f020dd52531888d50f2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_bn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_bn.js
MD5: 58fe82417e29f022e3910a519ad0175e
SHA1: 78c3ee3924d229847a80342bfbd5776e4bf7fb84
SHA256:9c4c9c19c7ef2422e5be6bac7e07da22cee886aa16efe923d2d5846c43465bc1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca-ad.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ca-ad.js
MD5: 53f987b9e61a79830045822404d499cd
SHA1: c0e0df4bbc2ac2dde95c713f40407067d5fbe8bd
SHA256:8aa3bf12da8cbc98ada898f3501b39ca1471a3dab4ec7e90e82add9f2b28e156

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca-es.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ca-es.js
MD5: d5a6e9640510054866d6db19fcb045bc
SHA1: 3f7b462e189d706d2dc2878ad88352d8cabc55ee
SHA256:4c3ba0caa6c9c69ee44932758336fc21ac850dc764d74814cf9696b2b9183712

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ca.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ca.js
MD5: fd6574916976f4302e040a98d5ae68af
SHA1: 5303c63dc5446cecb51971ac598790d410021a46
SHA256:70b3eea53bcfea23f3f9b57c72fd330048cc6b5ae3c00171d6ad0519e83a53d5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_cs-cz.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_cs-cz.js
MD5: 9f20481a32c7b1675fad3221eea25754
SHA1: 811c113a9d45c7a2b53e4daa2641ed1b8c10ebde
SHA256:d5944be67aa45c3ec2fa8a63ba850de3bdfd0330ee20c0ea5e730549c8f434f2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_cs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_cs.js
MD5: e4c4ba9f974d61c6babc8241222ff035
SHA1: be53a45be7e0e1cd7ed9b140470c6085368bbb81
SHA256:c4227773b5bcec0cb55240cb05a0e7e0df7ed0d653524bf3de45ff33473a0982

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_da-dk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_da-dk.js
MD5: b808c66da7bfe303bee5d7b23c9a9845
SHA1: 06bbd9ab84f0820ca67ef22cfce34cb663e2fef4
SHA256:4704561c2d8437f91bc895f47199328218ac0c1a043c308585e9aff7e270fb32

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_da.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_da.js
MD5: 19462456bbf4af86ed5b42ecc7e625a9
SHA1: 74cdecf31766b6f5427b6a79f9e35dca646d8c07
SHA256:ea2ad8f5bf8bd456f489e97662353bbb0b5e18c5d6beddcf0f1d40c5f454b936

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-at.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-at.js
MD5: 13100bb6e65c61d6d803250c5be8824e
SHA1: d396fa0a6252dfa8f86eb401964fba5dbb77ac15
SHA256:03b5b5ce053b104bef3db982d04691102a8ac061683559194f47e43813d8cd7d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-be.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-be.js
MD5: e62301d93f4efb9865241c3950ea849d
SHA1: a0dd7c45a1623373348d9ddfc31f37a6a07b487e
SHA256:546e93b89131993c17707a082f922f6e5089f3b9ee224350afe7ed2fcb920063

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-ch.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-ch.js
MD5: c0f7e65204ec741bbec5ff46213c60f4
SHA1: af6e7d6c2ed1e3b6f4ee5478c7dab01f8decc667
SHA256:6e3bc2f181c9174fc797fbd4a45ee53ff29ca5656badcf2fe8f7766aa8213a42

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-de.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-de.js
MD5: 438a36f69eded7b21afb30c41dd4b9c2
SHA1: 73b6b8b71c4b4e38fe42a13a179f86b580aa98e5
SHA256:1442adf571439cd6b587acd728f86d039fe2e4aee396318cfc9d25c2f7062a41

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-li.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-li.js
MD5: 2150eac9beb746fc7b5687f02e16a4d5
SHA1: 7f224538c63b45ff3f58062c900d452e1946d210
SHA256:e9c166f1de3e52346235c2dcfbafb804a5ea5f3cdfe82fc33115208dea013e00

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de-lu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de-lu.js
MD5: 962d2fff44964fea31b328701a8ebe35
SHA1: 4fc99b9f25096144eed73878cdc76514cb62460b
SHA256:c80b7e1c18ded91d81fe00c31a7da23ab152978095c25da43e0a1152630ac46e

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_de.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_de.js
MD5: 0cbd57cfdfd8c04283b51cdaf18656c3
SHA1: 08dad759d60ae6fc9704ed43c74fa9059294ad9e
SHA256:37f83d93f5ed5c6343bdfa8c7aa3996af806c7ad2493ac618085b41592bcbef9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el-cy.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_el-cy.js
MD5: 48951dfb41aaae0473bd6c4bc277f943
SHA1: 6b04e46259feb221926f3b0cf3c1121a48e47374
SHA256:5bdb6e5b721f4cf728e8d55c74702b2a2a7ef6954e809c440c3d290fd2cc440e

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el-gr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_el-gr.js
MD5: 3cb0f971b31475e0698a4398b18bb740
SHA1: b0043435c3dced401c0808fcfabdf0e83386d43d
SHA256:6fe9c710512cd1f0e993a0652b4010e598b4cc03236a31b1dd8e91c685ef215b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_el.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_el.js
MD5: c8cda24631ae473a8ac84ee86f02d7ed
SHA1: 6e6f2ddb779d3a131e7aac15d2b3767a863f7013
SHA256:f35040ff006e586c04b9c106a7adcd5c0dcb9e2499254bde3a308d7e122ec20f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-as.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-as.js
MD5: 35c16b3b47c77794a5798ceef8c6e428
SHA1: 6f44a2f4fce64414736eafa31d12de98a7abf6ba
SHA256:cfa3defc7d4d097cd2cf15d3c1ce6ab0e1d74acd83399dd430726792dbaccc1b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-au.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-au.js
MD5: 374a6caf7d85f336ad82503d4ce6a675
SHA1: a95d2538b953d9f8e26d9995e89ebbeeab5e83b9
SHA256:99d9254369a1ebf3564b95734523abf34094acb482bb7a41dae4eddba03cf7f1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bb.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-bb.js
MD5: 031add8af3425f24d3028ca9ed235daa
SHA1: 067f5e5acf4ba4c573051a9a86967a0feae4786f
SHA256:fad83154250ffd81fd140ff1e0d33059a0b4e057c6f8a7b37a9f1f3059784404

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-be.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-be.js
MD5: d30446728f122692abc88f07e432a2f5
SHA1: e38e4c6fb1df013620797eff07258406e994fe6d
SHA256:0e4f3597916ed4bf8a35deea294abc7bc9a77aa577591573d81e7a305234219d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bm.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-bm.js
MD5: f2c4740dad24e778d9784cd29f82bf95
SHA1: 6b3e016661e3ec8fa1e6dcd2f2b8bd705a7c8cd7
SHA256:7f6b98b6ca2cb7875339c08a5b6f6ec5aae2aad56dc16b8c748180e5f6b2ebe1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-bw.js
MD5: 066b2196acb7a5a2695637524bf2a1b3
SHA1: 8f2704500f855606b89e855142ea078d1db1dcf3
SHA256:07bed83f34131eda9193a37d0ee9000d2488449a439336922deef03938e5d844

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-bz.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-bz.js
MD5: be2bb7630218159c96d08352d39ee92c
SHA1: b7877583af2521e36b8fe9f0b92f330f966e01f3
SHA256:caaf4438f29771fdcf6b308831c46b82aa239e2ca36a1bddb9e328a8ea38c166

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ca.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-ca.js
MD5: e34360aa3254f63513707d8db2b41739
SHA1: 699fe3acfb9a8c05b7fd52da9605b50a563e5d91
SHA256:7e4e7d00a2e9fc62e92c51333348d2195e770d70cf809c351ebe23197eb66a26

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-dsrt-us.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-dsrt-us.js
MD5: bb5fe95899f5d8ac2eab66c00fca0704
SHA1: 9c91fd81ac59a19d34e2e235992148154b475107
SHA256:05bfaa3d2d1f231d5a53a1c47d62ca07df88921ae2cddb9e0fb70ffc6d11dec5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-dsrt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-dsrt.js
MD5: 4ed027983e6297a3d06fdf61ea3d6c82
SHA1: 71ebc9f4e4d68b43e3a473b495a6604afb55ff22
SHA256:cd9652d17bf06b68942d604f1281632c2dbaaf337ac015b3270f9202be87981d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-fm.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-fm.js
MD5: 32fddd85c225c62b99b049cee3c21603
SHA1: 81fca7ad164266b915002f3b954dceb92b7a4e59
SHA256:4f7b88726e0e9e0526343964f4c1ae2bdd5a30baae781fdfbed61efd9dc7752d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gb.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-gb.js
MD5: 90f51c35bd448ef65d6deb02bf0a8ce1
SHA1: 9d576ddf423e42a3e069bf7377b512e0c51167fb
SHA256:3475b443189dbf42a5122f2991f2a4d4709fed70d595ef1c0c1c0bb2de9659ac

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-gu.js
MD5: c922d47ed61b66d3d909dd0047d3f37f
SHA1: 887bbbc041f136b2bcf2a330b265d990b8bed530
SHA256:83820e160a64482dced17829fea72cd8b0845211c76c90c9961889777d9447be

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-gy.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-gy.js
MD5: 2f7ed2629f740938e5ff6b95506b0a8c
SHA1: a20c988b4ba464ae3fdb22ce6568fcc1c36194fb
SHA256:a859d128a81a9a64be54c50ce6b8cdf9e26b61495708782ddf953cabbf0da8e5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-hk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-hk.js
MD5: d231ba6ec5b1ab9b01f89b54881b6d2f
SHA1: 704e73d8e0d8779b37f8493ceaea6ab0b67424bc
SHA256:644988ff6ee84370537147d6e85587b837a7ac8f19b807750d812a2147d3a72a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ie.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-ie.js
MD5: 815f1dc7172d5e792232b269d05e02e2
SHA1: 0903bc4021ec00df1f8ae77c1ce67c4b20f730af
SHA256:e025c3c44aa6cfda4b76cb2cfde4db4a3d874d5ff6a83f91ee57e04602341d56

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-in.js
MD5: b38b9bbb2a042bb637fa5933eb43e1ff
SHA1: 8e21960a95c84fa9a99df594a1f326b121738ad7
SHA256:67b853f9869aedeeedd4c2866ceeddda37bfd47413a190fb329600ac3a1ed3f8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-iso.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-iso.js
MD5: ede75c21c243b6087d0d6ca0e2b23062
SHA1: 3fe8120ccce072f8a4585631baf43ba84d64b08b
SHA256:57c304e1089b339d1df30117c8f1e474ae1f493621cfa5a50b60d6be31966a98

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-jm.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-jm.js
MD5: 0cb6da3d1eee6469bbf67a93e3a4a8f9
SHA1: a382f8ca5a30dd8c72cb2585450d3c293a594b15
SHA256:9898f2eaeb3bea77d8e5d6e2bcc0a22acafb84c9128e79e000cca27a3f271aad

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mh.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-mh.js
MD5: b8325e0602027616aeed79ffe3d114e4
SHA1: 5acb0e488a19b61d47e0c4c960488b4a5b012fc1
SHA256:c29d2dfac1825cdcfcda4ccc437cfbd4edcd4e384ac2eaef7f26fc9e2f4b5163

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mp.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-mp.js
MD5: afdcea1f79a5ebf84b82139792271637
SHA1: 900ae9720394cecc968d86500122c951fc643ccb
SHA256:6d298f41f6b8fbaf2c2954dea418280a911aed27809d5c3e40d223ea5e48774f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-mt.js
MD5: 79e42f54b7805096fcdb9c30f28ee541
SHA1: 18aba174ce7163ed0886c2ddd4f4d6f7f7fe5ccd
SHA256:3ec171e3ff6f196aff97f8ec52c3e16c9724f77b5ab561f5f10b44039924337a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-mu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-mu.js
MD5: 99604903560f47c67b39b268136e1e43
SHA1: d2fa1f1b171ff3046944c4189baeb579ce6b329e
SHA256:70f71d4c93a23e3501735dade379cf924aafc8836fedfd05d6ad13a0fa4d0ac4

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-na.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-na.js
MD5: 7d85fc496d30a7c1947b984c516713a3
SHA1: 075be389b2b89b785fdbc298b13f899955af6518
SHA256:9fd2d400d98a323c1c24369ce66331b4cbf8a953a13462aef9600e7bebfaf816

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-nz.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-nz.js
MD5: 5911465f1cd18b7dcacb3db5177614d0
SHA1: 39c858315e1105473e86ed013d99b2c8a3c8141f
SHA256:24e8276ab79fc7bddcd32c8c97b6d45f0eaf98aca1acb68586dc83f685cafdba

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-ph.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-ph.js
MD5: 3e696542084731465800ba8727938755
SHA1: a4812db4fb080cfac3cd6e9b7474249e6774800b
SHA256:e85388448447ed28ed98e6f2dd50251d74f3c9cd1ebb9e1fe0d409e7adc5e83b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-pk.js
MD5: f59b73693a6f4a835bb5872d66d34a95
SHA1: 674f817f7906ad6371145061f2f32d8500f2975f
SHA256:106cdbaa6552f81965ee6aadc8e4d0663fe3fd18e5a35afff8d5b47398a4e791

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-pr.js
MD5: 6d60893826710934e6135147c3d422fc
SHA1: 5816175c3e619b7376091843af776b8948e08a41
SHA256:825bd81a92ae2d5060c42a1f87330a53006841f26858a2d955b8c7bdff83f664

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-pw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-pw.js
MD5: 9cbcc24cbfd74cf3a615d51785b10a73
SHA1: 566470335d37fb6953ace38fe1a40c7a247291ba
SHA256:ac8ba315c51412c95fe7f5bde1640b41580587f1641a36fbca2db0e07763da8a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-sg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-sg.js
MD5: 46133dd09f4ae82ec71ad4d19918ab37
SHA1: acca539dd5f6fe2188dc599f76ec14b215ed92b4
SHA256:9bc6196b4628c218ae9e7b167f510e5c7fd19bb97debad8c334ce5a787092c67

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-tc.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-tc.js
MD5: 137388e786886100b831e98be115f994
SHA1: d763c6dfa9a9bc70042a9db61aa12544759f2b28
SHA256:1d45d5b24ecbe90d4137fbf62347eaea22cea1d2a638acc8115007160d22fb96

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-tt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-tt.js
MD5: c020c852340c814b4c5a7aa5375ea9d3
SHA1: e33d75cdc5831ec82cb937955cac13a9a32b5ba8
SHA256:4c26ac60aa0695985554451201021fe3d75783e04272c83dabda1a15b8b9abc0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-um.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-um.js
MD5: 6d0bb60d5ec663f897abf15ef5b6ba08
SHA1: 80aef25d64a57b8e7f47db954eb4695a0d3a5c04
SHA256:0966384007729b76ae1ec61ccb039c33294bcefdf1403c18687379b60425d7a2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-us.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-us.js
MD5: 40959785e2ddac2956e6c5a2efd9c6be
SHA1: 1fc78655ea8516ec5f9bb8d5ef18b09b1eddfaa0
SHA256:de119499a7466aa627fe79bb1568082843747ad25e79c9814521c5117091e3c5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-vg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-vg.js
MD5: f6ec14bd4d1d9fe668c7f1153f772fd3
SHA1: 41ba85592d069e544ceab29a87a20a2dc7f5c6b9
SHA256:7cd70d909ebd4e0ddad9d940bd3242f7aa8b148b842f178adbc9d0951697f30b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-vi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-vi.js
MD5: 1cad652eaca2d1226fda562be41cbdaa
SHA1: d495dc75edeb06b3142e10213a0fe92883752483
SHA256:7120e5bdfa4b5d11a40c47fd04f88f2d0cb73919d4464b75321483d0a4ccad2c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-za.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-za.js
MD5: e10f8840635b50da81ca71b88e9a09d6
SHA1: 3b3643485db446e4d56488f633fb6960866c1739
SHA256:5658111f304a4efc95fda0ee88a8f068317d5ad68d305a08ca1c475dadad7a53

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en-zw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en-zw.js
MD5: aa6384e7296dfea51d33511c301904f9
SHA1: ad34b7837067f6ced580177e58ebbe7ebd6cdcae
SHA256:dde6100a49704a9f5d2dbb4fb7b412a09a0283447fb2f25c257d961867f352e1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_en.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_en.js
MD5: df6fce84d373c1e539ef1f3cc08ec0d1
SHA1: e67963582996097fdea1ed2e85785d7a5f92b86f
SHA256:1f8c92716b9b9a7998ec913fabf8f99eb73f483900cba28b89abe073771e8bb8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-419.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-419.js
MD5: c3dcc66d0575931380333e2643a46efd
SHA1: 8c3f3d5b64dcd12a3d6b3851969a4d7cfd06caa4
SHA256:db121135623fd01a0d4087ac303f0e7c2f8b4d71a15bc28cb08bb6bac86c79ec

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ar.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ar.js
MD5: d5801b41cecfb4af0636a2c10deab608
SHA1: db764e7ae6eb98a0452ea6394b5395d7b3dbc5e7
SHA256:5147e6636984e028050fcef7bf5b979da46ce77b3252f21c48a46697bedec85a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-bo.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-bo.js
MD5: e4547d89cecbc912427acdd30e142b00
SHA1: d91ac80324db37283f7e821fdacf550d34a727f4
SHA256:b348e84780cd263ed42e3eed7b01e7ad0bf7fbbde4f38f89ffaa77b97d4c82b5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-cl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-cl.js
MD5: f3597d311953675e6afcb417753fc651
SHA1: cacb03a818b443af59b5f6fd95560dfa3ba0c1a9
SHA256:6a0ec67524f39d6032c106297d701b9185221903a65b7a7342b4a89c5ff4b9d0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-co.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-co.js
MD5: 152b3b4982f4ee6e28d9abdd51e61fcd
SHA1: 5522355792b41155f9a03e0b49cfd12dcde6592f
SHA256:001262fa01caa953655a6d2f86f0fbcb3e0ce545837c8e5781ce8c5dafd9e4c9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-cr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-cr.js
MD5: 61145cb67e0cf78495acbbf1fc3c66d2
SHA1: 411c1531e150c7ff8fe181a870e48aac29e5c583
SHA256:19cdf4de3349d99250442b63b89d872eee2280b61e5cf339a0c76a4a842edc7c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-do.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-do.js
MD5: 62a59b6bfaa2a11446081d45a090e8d4
SHA1: c017a4afba708584c8280fac8bf954518f911f06
SHA256:979a70922762637ec262c40bef213aafc9e6129bc69390626101ef99a33600cc

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ea.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ea.js
MD5: 8085210a1fd3e82a7eed841525f5e790
SHA1: 464ccba22204517250f5c5ffaa6e1a43826bdd53
SHA256:dc20f0579509adff218a76b786b3a8143b9b049a89eeb7923e9d97659525362d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ec.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ec.js
MD5: 5632f0491339142aaf4a7f681fdeeeb4
SHA1: fcb7ff849a4f915d8146d7fd62fb7ba7574c9a56
SHA256:13c417604e631240c33976ecde4de75526ac79b8dea177bef1e517b47a4903d8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-es.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-es.js
MD5: 052b3894b22399d64a048a786afd9ba8
SHA1: b1713f22b257eb7f47e03388069206cae5c65541
SHA256:a6914f29417fd00ddb99d5459515e101d7045d25b34ac255cb959968889abdbf

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-gq.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-gq.js
MD5: be2c2108c86eab7d6a73444503e17835
SHA1: 86c22283052011ccec757422741bfdfc60f076aa
SHA256:897f1ce4a2db227c00e04ba192b69a9c609c62ddfe05a62acf6517ea5df43045

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-gt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-gt.js
MD5: 855a32a559e3ed68914fa6d7e40c5121
SHA1: cb395e59534ad90320d3e3788bb294eb92640061
SHA256:f1f7d4cc2fbc3b12b483017e37047680a901a85a0394236eaa3edbd315499eca

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-hn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-hn.js
MD5: 1ef359216b3591ec94b84114c5313bee
SHA1: 6eeb3795f1b5c57e53fddfcbf7903dbc01b69d6b
SHA256:be4f825284484e29b6513016a3df00c19a30f855d0c813037a13b71b99d282fa

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ic.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ic.js
MD5: 737dc27638c150006d35cec479de1471
SHA1: 32bb529dec19b6a51224f1fb0d94f72b07e8a422
SHA256:f8ecf73e78a4dd2b0717b0c33186726365a9664566835085aa1d08eafc0afcf7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-mx.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-mx.js
MD5: e0ba9c887e69c12c78dfbc4028cdd365
SHA1: ffd6d822ed3360c93d253844c5434dd4444a1f50
SHA256:514640b489606e420c1a51abb73e16891397254786c2d2bdb85b499fbfa45e88

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ni.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ni.js
MD5: 4ad641bcfd11a4dbe2f0a97c3d43306c
SHA1: deec07091ac72346b5f9442934c166485587e2db
SHA256:3cf5fa668341cc91024883db32fb6a44773338f4ee7911960968e05366b1b5ad

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pa.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-pa.js
MD5: c16a8c3f0e67d2f14bc8b8d2b252b4fb
SHA1: 2e62dd921101c71dd5ad789ffcc7246fee39f21e
SHA256:b908ec0a0bce1b7c91a8eb8b17e4d908ea1b40b8b9ea15b5d127554d6ea5b334

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pe.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-pe.js
MD5: 2969d9c11a1921e5a82d47e75db342d6
SHA1: 828aff68c4b56eada62741ffeacb1db455692098
SHA256:46b20ce6a9faa5b2f0a61886e9df6ca203cf021d2783f79037c9d07242eda968

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-pr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-pr.js
MD5: 2088728a280fa9be45209639bbfc56de
SHA1: 394b30b14c1a031185808ce0a76aa293ea398436
SHA256:c909a467a205e68288d25a1c1d75313318413f614d9c8b1c7e4eaad6a2605ae4

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-py.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-py.js
MD5: 7922d3fe23df4ab9dcea868567ef47ce
SHA1: 305696960a55bef504e829208216db90a9b8088d
SHA256:416660781d50ed7a2f8963cbbb19400e40eb6a8269200dc795e61f85d1e5a8fa

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-sv.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-sv.js
MD5: e20105ff10a0e519ef84515d11368970
SHA1: f495fa3f8e190bf3fbfb95c5b8307843c4452581
SHA256:a47a8c250314704f5d08ba643b5ba307400f8a4c3743ba6285f079699c87f0a8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-us.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-us.js
MD5: 3a8cb7700af81aa8d303bff55cb151d1
SHA1: 56c15677a4ff978a1c9fa4c45da7bf88e8d71560
SHA256:60be8483bda3b225c454c832f54d34112dd0f2ad079d7a013818154c5cb98fef

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-uy.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-uy.js
MD5: 38ecf120ffc1519648199c00538fa609
SHA1: ffb4d2b8b94a02159310a39940a5936128f49904
SHA256:20144c3aa8748387595512443fe2361db3973c27bb9470128ebfa565b872f363

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es-ve.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es-ve.js
MD5: 66da69e7f833a8658db9e8be78bc08c5
SHA1: 84100e53fd55796988d3ba0188a1ce111bc532c7
SHA256:d3000fe744ff95e2e9ed6a60bca15e1421e1031414f7217d908b69e9295c87fc

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_es.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_es.js
MD5: c89bf8d1dc408d95e985094f07ded6c7
SHA1: cddca3b6a23d0dbb20d0741ebc88b83043ccbfd5
SHA256:e435a3e0d6ea206c03e7a842915304ea649e1c50a44a905f2f8a40b6b429e83b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_et-ee.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_et-ee.js
MD5: 8141fdd626dac0eb8237b5770fcacdf8
SHA1: 36c21d7ed72ee7af900b78eee414ef267a55795d
SHA256:3b5a750e04ec4d8705efaa526917be5643825a8ea4888ba63b99f2bde8c2fa92

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_et.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_et.js
MD5: 4cb455f2ff2a08c95c99912b2d764d11
SHA1: 635b7d38d0e8e795a0c2912346d5bf2be446df51
SHA256:90241eb442c709b20d749c6ac3d140720c81f085f8788352c8939a0d9fca77c3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_eu-es.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_eu-es.js
MD5: b7e002b81810dbd4501c39801b4aea75
SHA1: 2ea61d79eb4d34c923cef179bea95ec59955e00c
SHA256:ea667bfce65fd20080292f47a9a882f74c3fbfeb771f079bafcb259188cec8a2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_eu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_eu.js
MD5: e2af9ee595d50c8bc3d3da1661883a8d
SHA1: ab5c5e784518339fa284f349c660f178bc480efa
SHA256:be422e2cff17c3f239577fecd6b9c61f61590f76af95808c546af724ba9c0f90

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa-af.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fa-af.js
MD5: 900232a857e5ccae5a8ba66f078338f3
SHA1: 976c3f18df486f9dea083e903ed805643c715159
SHA256:d7222e46c59a271bf33cee2a82e285b6134e70a6bc627257bf89269732161a33

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa-ir.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fa-ir.js
MD5: 605626627b58200cffdf962d48487693
SHA1: 91b41e754d5e012a6fcd55994835f3a8228aecb8
SHA256:b1ea413529fed167de879f62a39d866373507f9ad5804faf08a16f12830e2a80

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fa.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fa.js
MD5: b28c6e37e5c0c23e59dc426eedb3bbb1
SHA1: b0aa3625c9b8e319f1b9ed2867637078ad3c5f04
SHA256:3c36d6b30b63f10f8e5c861f20709711ba1651d0055c05cb9132ba78b87905c1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fi-fi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fi-fi.js
MD5: a4f7b5c02a4890c5d460e1353d2a994b
SHA1: 100be9bab6340c3249e35939828c4c33eed69305
SHA256:d15be6c4d52831d7f4c20b8f2b461332215072284affcf3ca299ddc2bb812ab0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fi.js
MD5: df81ead8e990d70158cbf5e8bf497fe3
SHA1: c67f0bff58c544634262d27e4308ce08160c94a4
SHA256:541b0fab7d7873e985ccdd5495f94909e6fdd828dc17e2ff1ae9a56085b07212

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fil-ph.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fil-ph.js
MD5: 8082c3bfea8464c446fb7a5f6d4e46ce
SHA1: 2aa50266d61eea45b974bbf2fd3583a8748a89e0
SHA256:dd9c17accdfacd776151cef90fcca884acaeb9080ee524e4f5b6e50bd4a1f0fb

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fil.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fil.js
MD5: 253e9849f229287473c02bbcc7702b28
SHA1: ca5d504ce6a15379dba14903bc07d0f52646bfe1
SHA256:b76b94481e58e2128fb22b243d6bce294868eb074bfd34cf90a78f21dbfc3d4f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-be.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-be.js
MD5: 8c39aa506dd3bc16bb3553bfe8ee8796
SHA1: 68451f142b82c0c92cdade8a1ac36e18e99b528a
SHA256:dd5030b015cbb8a8c1590d3fab5a5a18df4bb788b599eda55c5483c691dbfb88

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bf.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-bf.js
MD5: 48230bdbe0e65ad0b6cba19ac9f22e47
SHA1: 50cc5967d74b2ed0dd523a29922601cb125468f4
SHA256:08786b70e990a71a3116ece19733c256a9c44e7df7cf2e722aa3e69d77e7a37f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-bi.js
MD5: 5b0baf8b323d57f2571e1cdca0dfe786
SHA1: 94fdae4dce2a264a704fd0e87d6ab682c4c8de48
SHA256:96644c11d620f7df146337877f1a43fb8b18d639573ac76267bc009fc9c683af

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bj.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-bj.js
MD5: 4bbaf07de5345d4772388d4cce2a4b8c
SHA1: cd68b139086aa3ccf6a1cadc3f94b4b11b882e39
SHA256:d4f91f5af125108515a92510c3becac369fcbf553673bea1819c4463a079f878

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-bl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-bl.js
MD5: 4aa8cd86fe773ef39c73c11575bade55
SHA1: ec5dc3fbbf731b7c4d12265d3b301adc856bc1a8
SHA256:a0b9ea9d906aa0f58514a321f9da01c06ba2d5b6283d875de7e41735be24478c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ca.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ca.js
MD5: a5c88d42d000ea1973dba4766f1a30ab
SHA1: 7232499350db9ca0732c027083a22bd164c018fc
SHA256:bb789cd5aa49662acaab227824a6856894bc55817a97767420373afa78d7d03f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cd.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-cd.js
MD5: 5acf9047471a9563382c7324ffca8af2
SHA1: 4cc27fd815a25f6df624a8c06c5e0873f759e25c
SHA256:35be9df6783cda8d83f0e307cc5f4605fae6278f04005b40de31accc1c060fcf

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cf.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-cf.js
MD5: 4bcab995234f08449c4e70019783f970
SHA1: 672c971d87937dd0a627d8307c0cbbb3230c3697
SHA256:ff1bbfa672e9b7e47b8f0ae2c6a5a9c2a24b38b4077083409d0cf971cd66cbb4

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-cg.js
MD5: 14ed457ba02b2106539c6856ced97678
SHA1: 57d8ea468d417ab87c7176cb772d1024d259c955
SHA256:6eaad3756adc17b69aa57519c59f6420446d283de7d70c6c3c4290daae08a2eb

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ch.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ch.js
MD5: 5c3af6e2464edbf680799781f9bd17ed
SHA1: 170d8415551e91fc7a3de5f5cbcc26e4e105ee2a
SHA256:1ba4d14e8f16d6121f193c650ffc51be561f7e0e3f335fe775ed73f21db59268

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ci.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ci.js
MD5: 49a8dc4b5491eee28217972a1d9f1fba
SHA1: aa25e0747e87e271c76f6c9132044d6cedaa74f3
SHA256:3f31fa4c82a06106b1ce2be1fc33d13334770c7f39a23b691260ad2b94cbbb69

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-cm.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-cm.js
MD5: bf540f9fc35e87b6c861fa1d3d6664f1
SHA1: 7372399c2667a27db13802591b1dcea944d3ff2f
SHA256:ffea2642066f3cb90173537ff2ad10e584a8594d9597d2cccd652f14ad47896b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-dj.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-dj.js
MD5: dd3ea1b9a1b27e603e2dca66acab96b7
SHA1: 24881d62909f88b05df6385c1ba6790d2031e6b5
SHA256:39ab36940a98499e972a4a07b36420a8b5f04c4d4b0b778d9c74872b25360ca6

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-fr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-fr.js
MD5: afed422350b2c4d5d9afe835350f526c
SHA1: 88b96489544fd040693845e5816a4825cd18eeff
SHA256:c1a6157fe9d6aac34ee7f68ef59e8c0cb1ec0701a4608a4ce7905261072b3cc9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ga.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ga.js
MD5: 93843d4f7680364076924efeb1ba4d59
SHA1: 1ae5921d6dabeb84eb75265388f3409bf2f2735d
SHA256:d4348e6582f42d94288fd24f46d6d23c5265c447d28f4cdfc9d610021b882c51

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gf.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-gf.js
MD5: 2730e52c178cd2a9f91ebea0dbb7ed37
SHA1: 30da44da24a85e865cdd10819e83dacd69c91fc9
SHA256:2fcdcbe81231389f4dec1ba6a32bf182e9dde48881081b50e1c80c4f11ea3437

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-gn.js
MD5: 4403eb2d38193044b42e3d67a4ddf067
SHA1: a55515cd25a616ac8cfff8e31919699ad92cf4b6
SHA256:fd5ef4d8ab8d1a86617a1a4f36bf96d2fe0a33cb0239906c4bb86bd12abaab44

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gp.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-gp.js
MD5: f9fb0f9dc812fdaca34c550c89be1050
SHA1: 5bb56d4cc2a83124444cb22e270709489f90b8c9
SHA256:f098f8920132d2977cc1eb466ead9406ec5b81ae96b60e7779fea995fe38455a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-gq.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-gq.js
MD5: bee0ec6d5c568aff5febc52dc7047524
SHA1: 18cf27cf315f7b77a1f9dfc3f5ca8b695b9bb804
SHA256:571ba04071cf57f995f78470d2b648efcd64871bb28275afca09d5acfd3badc1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-km.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-km.js
MD5: cf727f3fbd5c047af4da449842dec558
SHA1: f639d6e2bcd1c8de74875b295eb8ebdbc38eb306
SHA256:5f23c4945c322bbf10c345951e895f111d54d2a69a1d5484d82f4f5f765dcd3d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-lu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-lu.js
MD5: c558d9f8f7a6de7283bbedcc7841f283
SHA1: 546e1f8f6862d6b0beb3bea12cbda68f9e0a7992
SHA256:965977fcae7bbeb447b9e2713e0686cf0bf40f1db67c1b9801f282994666fdbe

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mc.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-mc.js
MD5: 38f8ea87af205cd75e2f37033967399e
SHA1: 618576c72670a82ae17453c73c8608767d48b7f2
SHA256:bbae70ec09b3e779cd511d09736fc2a30c04569a8b9491e7887759f920179476

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mf.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-mf.js
MD5: f851a63cc9997f4010d0fad63cb4dec9
SHA1: 5d93a550697260aa1e12a04c9e750ada3c32e4bf
SHA256:27f634c682b2ee71b56a65f78b4b4b64f3f57aa4fad26985585422ad1a1839fd

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mg.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-mg.js
MD5: 47ddcf985470dfe0037f4eb196380882
SHA1: 0e4f8fd2d9ec0b1b350780124f072133bb66bd0f
SHA256:ef9ac88c85eb902101364e0fac8ac99c0e551bae2f6057c78a36e4c2fb023431

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ml.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ml.js
MD5: 44bdbc0623d97243db498907f14bce73
SHA1: 120e848ebfb8558467913a29ebad58686a91730b
SHA256:a541c16bbd4131617598a35874fbb0a813b2cdbd4cb00a13030269fd3ad28cf7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-mq.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-mq.js
MD5: b980469605f5630c2bc81e42a8796bcc
SHA1: 37a3e4597ba2119e7fd6450b92d21fd71d0cd20b
SHA256:8ad07d6e053f707b7c45ce5254024be6ee7a9bc9648e699f41617b08b6481259

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-ne.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-ne.js
MD5: 4f59cbd5db45f02b4c5a3489abb95207
SHA1: 64bfe85d2c3603b995925a74ab63cff291b5727e
SHA256:c50db30b0db5f1deba985a56d03f19484f7360fe8fb0cee3f8202ff0ca1ff5c9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-re.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-re.js
MD5: 5749f4a52e62f4577e0d3fec47b8cd42
SHA1: 568a8335928c8b712dd2b35686fee3cdb6c172ac
SHA256:350d388776510b7a525eb6572ff16606c37f07613c433d6a49c9946b86d39ecb

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr-yt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr-yt.js
MD5: 81c34f2e86590c1892882d9dd1df1bb6
SHA1: 3b7ebce0939cc72195b4dfefdab0f7fccc42aa30
SHA256:312a69bc50184f45ee99a4e70d09880ca3175bdaff96e8cfa25560156767f4f5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_fr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_fr.js
MD5: ccc2a5c0f3d1f5d490e5bcc4ee8490cd
SHA1: 0ac35fa16e791db448ca5f6939e714c261d36482
SHA256:b4d045fbf379221425b9db0a61ff9ec978ef79599a1e8a845cc9160949f390a0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gl-es.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gl-es.js
MD5: 4de671d4595f4f8a62f3f9e56b494b7a
SHA1: 0845bbbdc0dc9c28b30bf2342357ad83adb5a262
SHA256:d5c72e1505a62be55a0868b89315f7b5cdec3f9cd158f999bd7f942551f493d8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gl.js
MD5: 3614f73523bef9f711d0438c6c39031c
SHA1: 22ea0e3aee14f217f88a95521e78d14db106ba97
SHA256:f0424becc2711c7ccec735d30a5823780489985f5e17a9e7717d5072b9380bae

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gsw-ch.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gsw-ch.js
MD5: 55d8cca70af392856952dcc1ce027742
SHA1: 05e4b07a6b742ab7d75c1d75122968871b8140e2
SHA256:d39e650649f122beeb3c836201899ab0304cbf3175cf1675b7a66e10e01064a0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gsw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gsw.js
MD5: 0eba015634442d4cd7604270c824a464
SHA1: 90ce98a2d9b51d9d14918c5ca1564f58209d0b3c
SHA256:9be1602638655676144c21b0c20542e9789c83e0c6bb4796b1090f6b598285d9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gu-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gu-in.js
MD5: 5ff733f264bda216f4b94e6a6a8c09ae
SHA1: cd0ede1ad91bcd8bd2c32ae8193e07c9a7ad804f
SHA256:e527875adf221e4e6ad17d6ec468d18080694ccb2a38a2771b99e6e64e08cab3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_gu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_gu.js
MD5: eebfe679cd71a191d098e69478bc9b9f
SHA1: 60fe13f75d1c5221d7b270e855bac4ad283967f4
SHA256:bc21a35330c0d1da49d72c06256709e5b9ff9077e16daaff832002df82c0fe96

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_he-il.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_he-il.js
MD5: 344793ccd016737fed0cba312d5aafcb
SHA1: 92f62aa3cae3fd0fa7af7f776139dadabd647de4
SHA256:595a5981ebcb57d8a2c48a230e0a63ec714396ece9ea5dbbcd1009d7582705a7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_he.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_he.js
MD5: b61c92fe498631afe5a7ad8e54ae0947
SHA1: 70edcd3b52176482a4a85f923a5f84d143166156
SHA256:5a87809505f2a2bf240820c1b629a53837765f82678a95a751c8f3ca9620d573

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hi-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hi-in.js
MD5: 8783fbf56886f9da2bb92022e3d579b5
SHA1: 936457a1b3347f6887f8eed44ea0c2615350fbb9
SHA256:6b4e91b89584824287e946852d8cb60cfe7cfecd2a255ebb86794309b308a36f

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hi.js
MD5: a9c6ccfcf41b8cd2f85cd3b488d7458f
SHA1: 21f72b0f0c7aad980b914169f0943bdc4cb97e7f
SHA256:deb747107e6f2f26560b2dca55374f1518eb73b869ea6e332f692975511d52ab

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hr-hr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hr-hr.js
MD5: 271573e977ff37b352d7a5b65951a134
SHA1: 776929decf3ebb83304040d5e7b71973135c27b3
SHA256:00a216befac37cc1005d9f30e6289e96379a91641d5b4ce16693b10575288365

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hr.js
MD5: e379df48b004a1f4403c761f18fad960
SHA1: 8b4c435c7675072daea765bab04ea43e2f2f046e
SHA256:15927d3d51916f688404edf2c2fb995530003e1fc884d16d1591b7f143f389c8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hu-hu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hu-hu.js
MD5: 1a682c3922956fe7da9e26ba326ce149
SHA1: 1dfd2b846b0b0e2ddf608447822186d228e5c31a
SHA256:58b8b795542ddb99ca9ad32c438d343593be83840f39ad67e762db566eb395f6

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_hu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_hu.js
MD5: 655a8e9632d7da8d4049314e9acc8767
SHA1: 7f1f757eaa1a3e7440e478f7208e3c9a9d0207b4
SHA256:a8491827a9edee1437927098b3550345589ec40ba2c6b5f1384aa9a5ca9b95cd

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_id-id.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_id-id.js
MD5: 95dc9bde7eb5b9fbf8ae9e8bf172897e
SHA1: 806aad016857f7ead21cd99444100175d50aba0f
SHA256:8337765b43a6512ce0624b8e175cc0d7c8341cb3813767b1a1de5f824d392b03

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_id.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_id.js
MD5: 9c0d2c7c97d3e68129bf2efbda096837
SHA1: 0a5b0d4ad0f2d49441129df3ce26d2902373b5ec
SHA256:1c24bb6d565842443451ddbac553ae7fa14f86ea411384d8d4a3719f498c0c79

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_in.js
MD5: e82a2ee0efbfac306d0bf833c3829cb6
SHA1: 5d6025657df311961d5ae06a273b36b329b4f441
SHA256:090ebf0b766876d5ae2da13ff2c2fd93f1aa4a987372b44449c4ccc573636ac2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_is-is.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_is-is.js
MD5: 4ac8d57b7dcb0ea4434a7d3b500daa44
SHA1: 3f8557b09e9a57c218a76ac2153ada77bab82ff9
SHA256:25b261795082232bc0d4031c9629128ced085fff6ad5260e4385a675070c957e

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_is.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_is.js
MD5: 7c8adcfb0832f10488bf4c58d5506c03
SHA1: e7a675102e48f08e1680046cd43a35799e7f7aef
SHA256:f6c8d3b8cadadd2c9885c2d09e9e79d50268a58c4e7b4845ced4c7014665e41c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it-it.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_it-it.js
MD5: 44949346e81e04906d0be762cd0dee55
SHA1: b764bcff9ceee86ab698756e455da3ddc69b6855
SHA256:50e6ee8feaa0c4ce9ffe5b379a902248b3dd671d6e5fd124e511556486aa78e3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it-sm.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_it-sm.js
MD5: 83fb1e484a4d7a66de03e0fb52caabe5
SHA1: fa51c3f20987be95ad7b461651ed8661411daf56
SHA256:ff43bc5d530cf5818803ee347a360ec501c1da1cf42ad6da15228ddff3e86b5a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_it.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_it.js
MD5: e67759a45a69d464bd543c49eaa75c78
SHA1: 68bc5ac8e359911f38aef64b584ef4fee41a25e9
SHA256:641a4b0012e596d99dc82372612cb5877e6c8b33533d968896941d1da8e5f5c1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_iw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_iw.js
MD5: 455046a8a48c7942a6e4a93206003848
SHA1: dee19ea6365eb0cdd6f3f423ef8021fa1b8f8452
SHA256:e5d234269244a691942f4f298c77f078613d8d7ca9a2ee6c704728a905ccfb1c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ja-jp.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ja-jp.js
MD5: 56953e723edf83dd4b42687219e048cc
SHA1: 1e48739d43f8f782c3e0a7c3d0c1f2e2bfef4ab2
SHA256:00c67c25fbbdc08ce4dd7b8581d7b523213e49cb7d47e9b1e2ce99f665465eb7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ja.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ja.js
MD5: 8fb73aaed1baaed8b33d445fd3b46f49
SHA1: 3e0040b7d567ef0f760b969690a587fcfd7c535b
SHA256:af8897bbd08dc174fb9d01233d62b1b288d7b4be4ebb837f5f851290ae892f4a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_kn-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_kn-in.js
MD5: cb61d4674353fb44360528b32eafb1a1
SHA1: 8f3b23374cab65307d7e93196cc4d634d5b2e697
SHA256:33d52e88759e4cc4b49289002bc0fa254898b109b18350c289e0b6b2f462944a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_kn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_kn.js
MD5: c3033d2d26cca26be5bf98758a558a64
SHA1: 264728fc101f857f34f560330efc97f0b27bfdc5
SHA256:0b82030d06d833e43824275082203146716ff5b95daa49a921354784a007ae72

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ko-kr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ko-kr.js
MD5: 254b33832a86d6f8bf28c6fa7b254da7
SHA1: 6a0f6220460c36fa864666a9d572f9fea1fd94be
SHA256:af1d2f590862da1686e03f4474b06c5038bf59b9fafd1b8976a5da8fe1673749

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ko.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ko.js
MD5: b65089d6cc0d60cd612e7d157f92bb97
SHA1: 5fb6ad592dbb07ace5dfab6f6ab72fd9df19f798
SHA256:4dabb21b3828339a536583d883bb786a69c3e7da1a91152de5e66c0fc4ad49d7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ln-cd.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ln-cd.js
MD5: cf13e705b9af3b69a1094176099d6faf
SHA1: a3370aa93e0d69e76276128338458655c7e2ee26
SHA256:af061f2c2f9cee331977bfcad26ee7efc77ffa0c24e758f76fd55699a346245e

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ln.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ln.js
MD5: 710ef14e23cceb81f8a27698e6eaecea
SHA1: 552136494f463d3d19c08c74971f8eeb5d5585d0
SHA256:dbff5a2d23d06ea14d7da4ec474fb02bf868b1494b9b43cf117621ce87bd390c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lt-lt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_lt-lt.js
MD5: 4526fc8ccfe676e1b26beeb03c176ace
SHA1: f0b415bc5cf27f477511ff23c62c9b0a4d0c4fbd
SHA256:5e9b4320510d952a0e1b7324c0b3a9445ddae24b9e4bfcd787e1d9158c8f089a

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_lt.js
MD5: c14b1e1735fe56b5b7476db0d6f4c9c9
SHA1: ae3537351caef1866e9ac114a1a2d81b393990f5
SHA256:02e85bcb9626a429117ba41052133ad59b86103632435793030dd4625e3361ec

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lv-lv.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_lv-lv.js
MD5: 851b96bad84cf32c3a382ab4c4dc9a29
SHA1: 423e5dab762c58c37a3ec9aa5e8268d301d86ac1
SHA256:04151154243526789a34f4573ba0cd61461c43e20c2bc08f8b407597b316a626

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_lv.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_lv.js
MD5: 7d914954fa4facedb14a126ea2ca7359
SHA1: 1c531d549afacf7d7022b85f1fde81461ce50783
SHA256:6167e3c681099bffcd4e42c2b17c727e1dc44376e6f647f15c93b7a63306add6

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ml-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ml-in.js
MD5: 670502bc05fdcb5e5f63441938d669b3
SHA1: 45b098333c1532687078d9cfc28dbf8fd7decd12
SHA256:0185eb7de7f55fbd55ffe626c1d690bdf6461ba7574f2644f88c571385c718ae

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ml.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ml.js
MD5: 6751948a95bbbf735f7b4883710c5187
SHA1: dc256dd2ed3bad1515da3f1768eb81791ad97e39
SHA256:a5d28d30f7561f135675df83533073e5375535fa91b6eb75931ba4df9f873bb8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mr-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_mr-in.js
MD5: 505bec8f2297564968c5b2f9cab8ed92
SHA1: f0344f6dcd79f77f0a9861065a215d3b8ab275aa
SHA256:28f93ba77ad2435c21ee85794ed94d16403b2de890610c64e2ec165116158eaf

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_mr.js
MD5: 44ca1499bc67f865017a6e9365ea4136
SHA1: e16bbdf5ce9ed5f1b6d6dddd7526f57918101e41
SHA256:7a7932e904cc3a737f96d7148e78d35c264705aed831d89f6f05a253e59534b9

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ms-my.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ms-my.js
MD5: 3582c60fc3de819f57b7eda865986a7e
SHA1: c798a9684df9b44fcfa531c25d9929e506e2e0ed
SHA256:e39136f976f8ca5642252dad6557c38c4f1ff935b81c0ab5418b0fccca828425

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ms.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ms.js
MD5: af9d81279156d2220a710730eec50437
SHA1: e0deea43fadb8c05e542fb7424e62d2b9b1a46bd
SHA256:a54bae3d90d41e8631af85d78f765ec7442d7aa68bcf475ea3bb220ebcffc3a0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mt-mt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_mt-mt.js
MD5: abe8b0a61ca17402f6f40cc2e9876d19
SHA1: 2a005f882b307f7ed04e8476807509260df44d7c
SHA256:db1433a70b9e808ce993d7a93d00c7c9998600bb38c023520fead7d30bc73b2e

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_mt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_mt.js
MD5: 3ba3b0d77f8c52456f4336d8181acc7a
SHA1: 26f2524c109c761a0e5ca0d739218e84a74ad67d
SHA256:5f4575cbafd47bbbb9a24f7f889208b5bb0567ece659fa5041725027666bda49

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-cw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_nl-cw.js
MD5: 2da6f85494dd8f2d916fd1acdff21a54
SHA1: d59e658a156823c9b489b1065384e4d41b0ad7d3
SHA256:79f262ecfa62bf4259e2698b87f4333bacaf01e4244284dec3490271c6bacef5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-nl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_nl-nl.js
MD5: 1ee9a880a7710b0a485fdf30abf80399
SHA1: 5e2582ab145fe7b9a98dca551e2b50e1c7210ef4
SHA256:78d3ac2c84cecfec2a40a05faba39c9a2d8c93d1a4f3fb35ab2eeddaecd0db22

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl-sx.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_nl-sx.js
MD5: 14d9c88c730ad7d6037b2a8702e22b71
SHA1: c44ad16db80791e599d3a56575f10696aa60fbbf
SHA256:7aaf607f4ce78dd1467bb3df1eb983b3c6aae93bde8a772c7457656d400bed22

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_nl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_nl.js
MD5: 020a83299231646f59a4e96cca91aa5d
SHA1: 5b1eacfccb616e43abb5b8e24bdb6580ed00626a
SHA256:6be94740795992b4b51351c35c4a87756ec118755845febe22da197cef69d0e3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_no.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_no.js
MD5: 81e9af58edc17301ef6ddadc108217d1
SHA1: 989f1bde5ef95cf0555356d40e65eebc4f5118ca
SHA256:5285501230d1b3bdc0ebe490481c50340bd37f91a6624ffde0c9675876d93484

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_or-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_or-in.js
MD5: 2c2201d76fed460cb2754fe8126943a2
SHA1: be27b8cd1224aabb5c864a80dfb41f31face03cd
SHA256:f009bd4a1908fbdb14ac652f7c1b7ed3408a50609e678d78067f4d02d68a4033

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_or.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_or.js
MD5: e93a0a5a9292fb8c1132810b19712acd
SHA1: c9b06afc54eae506f3636e1415bf8393a0f8be5c
SHA256:ca7045a69d5e27c381fbb718d6084be9bed3bca336a4d9513b2b766b9587250c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pl-pl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_pl-pl.js
MD5: bd2223760e50f22e25226c2a04e0e6fc
SHA1: 81d338d6c832274b1bd6fde5f61e28f36a03f89a
SHA256:b978d0c229c09dc68d3c7c572ca5f2e3a79ca8d624e939c5adc7e6348d0bc4b1

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_pl.js
MD5: e24f02bbe5cfd7251062726ffcbe8aee
SHA1: a246a4dbe4b0fe1f54084ae598348099c70bbad9
SHA256:985bfac724d8925fe37bf62f66a20a47e9ddb89ee56037dfd7d45bf54767840c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt-br.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_pt-br.js
MD5: 4753313faf1fc3202e324051d205de10
SHA1: b5f4c69a3ebbc33d6f6fc353c2eab611ca109b74
SHA256:409a2c715bb5befbb917f93506044e55578432e500da08e1c45bddfc4ef9cbc2

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt-pt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_pt-pt.js
MD5: d47d0a8221a5756f4b3600baa72f05a4
SHA1: ecf393370e4ef34588a651899218e08b2c0254f2
SHA256:a8720ed7ba58cc1dc0cd4747e41d7d60d45541ca3b1cb560d89851e2ff027d74

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_pt.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_pt.js
MD5: 47e7c7bf78d1ee432d83dac6a70e691d
SHA1: 934a3b51d9c9f3b54bdb7527c5b8f5ff6da9f7d7
SHA256:280d2502045afc3773666f197c6645b35f6241670cec0194dfb071892b8e4070

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ro-ro.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ro-ro.js
MD5: c6c85dbfda5bd0318fd6552a4577247d
SHA1: 738cc856ed1408b877a62d12e6c2e4fba7b2e7f8
SHA256:ab3d2e5d40532b86120ec4528cab2ceb08547597597bf7d5c2f2c79f25edc036

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ro.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ro.js
MD5: 5b0d54f89aa006f27248fc139f247034
SHA1: d7c66d8548b30f212b842fd8baf8cd5833c0a031
SHA256:b86b61bfa9ebe5a5fa227e386c900d2f01704b97aa92b9e6a4a8afe5a92f21ff

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ru-ru.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ru-ru.js
MD5: 204fbd85407f81f3c6125e3fbe9e476f
SHA1: ef2fb44e7a58044bbd00f60ad5a8ae4dbe6eff92
SHA256:b534c2c9e883e963abb17323744122a648b9df032d6255621841b9ef3cf37bf3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ru.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ru.js
MD5: 58614a0195daaaebda6674feedbe16aa
SHA1: d809ef52bd5c67fd50bd4a73c1d8355c9c7197d8
SHA256:7ef06d2a7a0a54848176e8c31bc5796cc0944b059cdadfd2641b4ce97a9c20de

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sk-sk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sk-sk.js
MD5: 5c81269f03a3476ac1fae2f88e68f242
SHA1: 7546ec981a9108d72f649ba7d10073f079c7d2e7
SHA256:e61ed105d38ac665ea5a687655ddc1643ef4e48bb13c355ffd70b8cbb1106e46

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sk.js
MD5: 0fa7e8027baa0ecbe9873a6ad1779ac7
SHA1: f1f102d3cb4a594893fe9abf03b546b57115ea3f
SHA256:82cab0573b4624bc3795f5a54febc7ec2d539e46520ba0191d039c83236e0398

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sl-si.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sl-si.js
MD5: c31218517f8d8ce24c8f35e9a002bd42
SHA1: 8774b78f713cf50a656f2ad06a3c86fc9e81ccb0
SHA256:94838f5a413930bfc535a7e87f467b0150b43978fd8b3861b615276ab11d1355

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sl.js
MD5: a98c80c5178ead4503996d80f2b7ce58
SHA1: 3ef1d229264e43d65a11d415f24b58715e826f4b
SHA256:c82b53125a4fb14963fd20473fad799d488b34b3ecc5608e1983cc4649d9626d

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sq-al.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sq-al.js
MD5: fcfd6ed3ca4f3e79330fd6554fa62dff
SHA1: 0a35ea7303c1fdd3566673f10b31d19e6dd57887
SHA256:44fc9c97df9dc9b1dbf7c9cf9b6e06a0154357fdf8a1785823281a1e53354c3b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sq.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sq.js
MD5: fe1bd08f4351c143197a11cf777ef047
SHA1: 50473b23c9163a6d1bf1a5e9965a24e4826e886d
SHA256:f7735b3c2e818235e7e3bacb136f2d4e255707c901b466ef97deb1c17d172c9c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr-cyrl-rs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sr-cyrl-rs.js
MD5: ca27f02ad0dd5a3a377d6a282c2435aa
SHA1: 3d2150947b28081d89ed2e81f64780cde82c18db
SHA256:ed3d5108db34bbd300576636c0c7308bb8ba4465dcf34abca60a37fa6ab7c3ba

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr-latn-rs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sr-latn-rs.js
MD5: 6155027570c0aef2af921074e25d1b70
SHA1: b3ab264c6e56172e0c78c38d29c7574910fffc8d
SHA256:c8f9082c5f8dc930cd3203f4db2943c08497b9f88ab835e5b33ca38e23e0cba5

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sr.js
MD5: 5b60a516cb6419b79578ac3079e0405a
SHA1: 4dc6c1f4680e67e52785e60abfb87b9f13efc704
SHA256:b26f38a6bb9ea651a26ef6def3cf9047d1773f79f68fdd2d58c3ab33df6031de

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sv-se.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sv-se.js
MD5: 90e0f706eef17bb039068768bffe4651
SHA1: ea107446b3ebd4160b914e79db0e45ded220a0d8
SHA256:c4e6ff46cb19a740c9725d086653d48d8c3adadebcb99d5598224aa89d0ff958

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sv.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sv.js
MD5: 09b88cc023bc9925a4463cfc4840425a
SHA1: 65652b1914ac9fa5d1bfa5da665b03935cc90931
SHA256:424e7d8b85fd18a2f91362b4928ec5d6db005d6fd5927b909ebecf15518c8037

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sw-tz.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sw-tz.js
MD5: c1c1ed12491f2f1da1ad818ea04e96fa
SHA1: d9c7fb89d8a826d9a8a01eb51a4e4d8a7eb5b29c
SHA256:d7a69eccb397f7c20d33d4baa38a809d799a15f48a7910a08c646f49d1315d28

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_sw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_sw.js
MD5: 4765ade7f90d1bdb144eff9d32a4f9ec
SHA1: d58de6410c7361850fa95220a4396b13e4b2f0ca
SHA256:ba97f8edb94a297ffa8029410e2242246889e97a94b1f185532559a391357704

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ta-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ta-in.js
MD5: 8a757a3191571e9fa12331d75be767d9
SHA1: 1f50ecffd24b1be3bce033f34feae86db133cbff
SHA256:2502e202e8e973193e75b8a7d4867492dc7b4392380c8d81dc2982bbc8745f4c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ta.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ta.js
MD5: 47f7c724ce78055ac8de2d8a5a06f423
SHA1: c722c68e069533a4b03da931fa51f523ac0284b6
SHA256:c53e7bfaa7d172fbbd148000e17d5b5372af0c4098287421151540382975eabd

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_te-in.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_te-in.js
MD5: cf4b3de1982d082dc1e2cdc073a8f33a
SHA1: 9312d4c2b20e5a61cea250d418d1d4f280fbbd14
SHA256:477cac38b6fe9ff970b3d70e22c36f958344c5df002df6ef3c074150d26324bf

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_te.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_te.js
MD5: a76a1c600fffab923aef7bbb4bb4009f
SHA1: e56c7ec4a65140e9b8ae6036957ec8911d185c34
SHA256:a2e6eff19362e978a4372b42c0ae5cc4d60245533f833644a4e8d3c6b4bd4d93

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_th-th.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_th-th.js
MD5: 2ecbf2bfa7e627b603d19fd312174c84
SHA1: a11308f3067a386cd9a13809d128c68b30dd39c2
SHA256:802741a779cd0aff552ffa5fdf0a36421e9fabc4f91b24fe7299ad66104ed1f4

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_th.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_th.js
MD5: e272aab515b1b28805abd6ab1e4673ac
SHA1: 263188b552845ccd344d00ef0cd402285f6a5d23
SHA256:559664db3ca6601da42cd29075949b574a465576e61009b0d9919e07a5b5581c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tl.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_tl.js
MD5: 866913ac10a2f7c93f1441e96fe5daf3
SHA1: 9bcd5aa2a9f69a9eab6e5452c3c23db7a49a1e42
SHA256:30eb2a411bac01758fd44e914bfda28ffbad9d1ab283040c23f0d8396bd7e9a7

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tr-tr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_tr-tr.js
MD5: b6ab57581c3fdc02072c17738afaee03
SHA1: 1d41125a5e6db3a0bc45ff0065ed43aa8dada298
SHA256:497ce2ade6c1152e6aecc9d1db23befb68e57dea84da69be67dadf8be2932542

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_tr.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_tr.js
MD5: 268c1518114b27fff577af3aa01324b8
SHA1: 4ebaf1f347e5900e245754e4423d5b6690a9e7ad
SHA256:13c25473a5a5afc86d5e5e48f7c851c257be3ac796c05b0079b2e470bc0697f6

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_uk-ua.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_uk-ua.js
MD5: 897d2f102b7fbf7285b7f4cbc0367042
SHA1: 94bdecacdcfa2441331f1ecec855449ea5b33dc8
SHA256:375fd350009d22b24abfe5a1c914609d130830203311544e3fb50fa685e8bd4b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_uk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_uk.js
MD5: f9fe1870529eef262e418a28470470d6
SHA1: 9f93d7b075b3322ad2c75ca277fcde561f27678c
SHA256:26da53e4f4b5390bc51d7791ac76d1d801189cc921b8bccb451407e1d6ba9901

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ur-pk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ur-pk.js
MD5: 8178ef57143cecdd09196b93e4272d5b
SHA1: 812170caf187606cc18d0135b3304beef6f31c00
SHA256:8341e8fed9ac473597948c47d9d77e14a7307f8e8c8e773171d5ccde26d3e2c8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_ur.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_ur.js
MD5: dd5469ccf533f57126152f3511176d15
SHA1: cc83abbb2c7a202453b796bea6b4027a7a4d1226
SHA256:97bdb50a2729f94a43a79afd2960ee67fca26cfe6ead6d5ce4d904f489348378

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_vi-vn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_vi-vn.js
MD5: 4ac65ba73233d5e04682a7567acc6dd4
SHA1: d611a744a28baccdfd3ec09f77eb8df20fbab3b0
SHA256:541cd9370b96650cd864792c1befdf3b2c220904e3efd13a9528da83c9af95d3

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_vi.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_vi.js
MD5: 18b4f391e6f047d975355e4ab8ff8756
SHA1: 78afbde12b2e3004e7e4895e82e20f5d03c5f08f
SHA256:b3f86cde19cfb7ead821e700303a067852c3793e05203cf184274c4c6bed5d79

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-cn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zh-cn.js
MD5: c4a7a552119cd0b6fa2913e96dc2e59b
SHA1: 4c875fd240e3db268dff40fbeff2a6fc5d57fd8f
SHA256:5144e0838f94636a9b645fbd20dc543b082555dd2dfafdb2c0bd1fbe008c173b

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-hans-cn.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zh-hans-cn.js
MD5: aeccf8e7f5414894e70970388601a7cf
SHA1: ce83ee76bee45caeaf070d4734052b2502047ccb
SHA256:00d1fd2c4cfc91d21813dd407fa66fabe1b96f1685e984679e13d295a278cd06

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-hk.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zh-hk.js
MD5: 0fdd2d0ddd3042f8f7f518a98f51585f
SHA1: 84f4b2ec7182ec6e2869167bf4eb2b08b00053de
SHA256:68ff34f9c26aa6a131bc655c4ae36c89dc3b8d24f88569d5d4969b1641d0bb21

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh-tw.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zh-tw.js
MD5: 2a5a502645668d5efe7e488957b9233a
SHA1: 07e0dcc027a064f29c13e35a09e2f92066d0a28d
SHA256:045b19e4b4d7201c7ab4d9a9f19165bfdb1cc8824189ce849d14fcae0ba0d2b8

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zh.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zh.js
MD5: b29c3a0407d161e042a23386ea7e405f
SHA1: 3fd2034f27f570f70d1fbdbade4f9467e80294d0
SHA256:cd827238c4d6ec4653826488f8711c7dfecaeea647fabb08397f996f5ef08637

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zu-za.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zu-za.js
MD5: 908af5dc86261d7a52e25ecbe64cc9b7
SHA1: 3ef47b228b2297f3a88cb356bf0a5a82e38a6132
SHA256:b2c07473495615bb399dc2f058b5edff2a27f36ae00e586168e7afa350fe35a0

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-locale_zu.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/i18n/angular-locale_zu.js
MD5: 1d53670898c93b57ca3c9e42eb19bece
SHA1: 4cb4e863424b99a4b77e4bbd71965c02eb4bc950
SHA256:5a2f1ad5285644bffbe32058950359e51c2c8693bd0a30e811acbcc97dc9937c

Identifiers

  • None

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: angular-scenario.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/angular-scenario.js
MD5: 3f2aaf7bf49592919bdec2394f6eafb3
SHA1: 320b4aa0cb282267fcae967a109bf6bedb500d1b
SHA256:d65ab66625aaf21f6f78bb577a81e21210919c6a3271d388ddbc90ffae71040b

Identifiers

CVE-2019-10768  

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (excluding) 1.7.9

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.0.0
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:* versions up to (excluding) 7.0.0.1
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:* versions up to (excluding) 6.1.0.4.0
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:* versions up to (excluding) 7.2
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_operations_monitor:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_reconciliation_framework:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_cruise_fleet_management:9.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:oss_support_tools:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.1; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_allocation:15.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_invoice_matching:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_sales_audit:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.60.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_workforce_management_software:1.64.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:18.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:* versions from (including) 4.3.0.1; versions up to (including) 4.3.0.4
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:webcenter_sites:11.1.1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*

CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.11.0; versions up to (excluding) 1.11.9
  • cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:* versions from (including) 1.12.0; versions up to (excluding) 1.12.6
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.66
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.5.0; versions up to (excluding) 8.5.15
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (excluding) 8.6.15
  • cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (including) 3.9.4
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 19.1
  • cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*

CVE-2019-14863  

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions from (including) 1.0.0; versions up to (including) 1.4.14
  • cpe:2.3:a:redhat:decision_manager:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

CVE-2020-11023  

CISA Known Exploited Vulnerability:
  • Product: JQuery JQuery
  • Name: JQuery Cross-Site Scripting (XSS) Vulnerability
  • Date Added: 2025-01-23
  • Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2025-02-13
  • Notes: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions (NVD):

CVE-2022-25869  

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:*

CVE-2020-7676  

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "<option>" elements in "<select>" ones changes parsing behavior, leading to possibly unsanitizing code.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (5.4)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:2.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (excluding) 1.8.0

CVE-2023-26116  

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.2.21; versions up to (including) 1.8.3

CVE-2023-26117  

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.0.0; versions up to (including) 1.8.3

CVE-2023-26118  

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.
CWE-1333 Inefficient Regular Expression Complexity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:3.9/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular:*:*:*:*:*:node.js:*:* versions from (including) 1.4.9; versions up to (including) 1.8.3

CVE-2024-8373  

Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing (https://owasp.org/www-community/attacks/Content_Spoofing).

This issue affects all versions of AngularJS.

Note:
The AngularJS project is End-of-Life and will not receive any updates to address this issue. For more information see https://docs.angularjs.org/misc/version-support-status.
CWE-791 Incomplete Filtering of Special Elements, NVD-CWE-Other

CVSSv3:
  • Base Score: MEDIUM (4.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:angularjs:angular.js:*:*:*:*:*:*:*:* versions up to (including) 1.8.3
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Cross-Site Scripting via JSONP (RETIREJS)  

Cross-Site Scripting via JSONP
Unscored:
  • Severity: medium

DOS in $sanitize (RETIREJS)  

DOS in $sanitize
Unscored:
  • Severity: medium

The attribute usemap can be used as a security exploit (RETIREJS)  

The attribute usemap can be used as a security exploit
Unscored:
  • Severity: medium

Universal CSP bypass via add-on in Firefox (RETIREJS)  

Universal CSP bypass via add-on in Firefox
Unscored:
  • Severity: medium

XSS via JQLite DOM manipulation functions in AngularJS (RETIREJS)  

XSS via JQLite DOM manipulation functions in AngularJS
Unscored:
  • Severity: medium

CVE-2025-0716 (RETIREJS)  

Unscored:

  • Severity: low

End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021 (RETIREJS)  

End-of-Life: Long term support for AngularJS has been discontinued as of December 31, 2021
Unscored:
  • Severity: low

XSS in $sanitize in Safari/Firefox (RETIREJS)  

XSS in $sanitize in Safari/Firefox
Unscored:
  • Severity: low

jquery issue: 162 (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

spring-music-sqldb-1.0.jar: angularjs-1.2.16.jar: webjars-requirejs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/angularjs-1.2.16.jar/META-INF/resources/webjars/angularjs/1.2.16/webjars-requirejs.js
MD5: 454afbee5c9ea18772836e091ccbf3f0
SHA1: 3f773171678959bdc3b4654f05ac0eac55721200
SHA256:3e7356c741a39a4d7d402010dd09b636b4b29b8446641885b666429eeaa79a21

Identifiers

  • None

spring-music-sqldb-1.0.jar: antlr-2.7.7.jar

Description:

A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0
SHA256:88fbda4b912596b9f56e8e12e580cc954bacfb51776ecfddd3e18fc1cf56dc4c

Identifiers

spring-music-sqldb-1.0.jar: aspectjweaver-1.8.13.jar

Description:

The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/aspectjweaver-1.8.13.jar
MD5: 4a95811a5b41a038a359c05189de9829
SHA1: ad94df2a28d658a40dc27bbaff6a1ce5fbf04e9b
SHA256:965d0928b0e07dcedb67f0d0a48653d36a6cff257e3270cb28ea48fef6c30a27

Identifiers

spring-music-sqldb-1.0.jar: azure-client-runtime-1.0.0.jar

Description:

This package contains the basic runtime for AutoRest generated Azure Java clients.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/azure-client-runtime-1.0.0.jar
MD5: a30dcca70f7e92ca2fcf9934777ea8ae
SHA1: 265022f1a05a0297f9b799cd2605593d2f635e5a
SHA256:d73ce3f88efb466cd71a6aa38c10889e704f7093ab0b34982d215bf29ac11ead

Identifiers

spring-music-sqldb-1.0.jar: azure-keyvault-1.0.0.jar

Description:

This package contains Microsoft Azure Key Vault SDK.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/azure-keyvault-1.0.0.jar
MD5: 9a8d568b3ed2108f4b16ed017532e39d
SHA1: 4dda51b3e10d5f5c1c19f7bf5f954af6e69a5177
SHA256:68be4cfcf5d67d1ef12fa21cec5a2b823bdb8a761e72e46a63cf79e2b7f0b246

Identifiers

spring-music-sqldb-1.0.jar: bootstrap-3.1.1.jar

Description:

WebJar for Bootstrap

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/bootstrap-3.1.1.jar
MD5: 636baf40fe72fa6b36c2cf173f04a81a
SHA1: a11ab29de60b76fa111a2ca583de57abdbbcad26
SHA256:5e42d07a9896e06b4b0cbad6c0c30051bb2b213edbd9c02c78dc096612c41e99

Identifiers

CVE-2016-10735  

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 3.0.0; versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*

CVE-2018-14041  

In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-14042  

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0
  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions from (including) 4.0.0; versions up to (excluding) 4.1.2
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha4:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha5:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:alpha6:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:getbootstrap:bootstrap:4.0.0:beta3:*:*:*:*:*:*

CVE-2018-20676  

In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-20677  

In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:* versions up to (excluding) 3.4.0

CVE-2018-14040 (OSSINDEX)  

In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:bootstrap:3.1.1:*:*:*:*:*:*:*

CVE-2019-8331 (OSSINDEX)  

In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-8331 for details
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:bootstrap:3.1.1:*:*:*:*:*:*:*

CVE-2024-6484 (OSSINDEX)  

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-6484 for details
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:bootstrap:3.1.1:*:*:*:*:*:*:*

CVE-2024-6485 (OSSINDEX)  

A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4:
  • Base Score: LOW (2.1)
  • Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:bootstrap:3.1.1:*:*:*:*:*:*:*

Bootstrap before 4.0.0 is end-of-life and no longer maintained. (RETIREJS)  

Bootstrap before 4.0.0 is end-of-life and no longer maintained.
Unscored:
  • Severity: low

spring-music-sqldb-1.0.jar: bootstrap-3.1.1.jar: webjars-requirejs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/bootstrap-3.1.1.jar/META-INF/resources/webjars/bootstrap/3.1.1/webjars-requirejs.js
MD5: 789ccf1bc1a08036d1753c43bc6ac838
SHA1: c68ffdc2c076c8630fca6184eef122826249f40b
SHA256:108ecc9810d96376defeeb6b5d1788e36c5ee278287d8c3dfa0f0900e83c8523

Identifiers

  • None

spring-music-sqldb-1.0.jar: bson-3.6.3.jar

Description:

The BSON library

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/bson-3.6.3.jar
MD5: 77bdd3e2c3d577c0ed383dbf479f8af7
SHA1: 6c85ddf1fc96eb8776213bef6665d005a564ecd3
SHA256:51c988ca3f913acd0d36a72283cc158902f85ee9ffd14c5005311871f6f9a1ed

Identifiers

spring-music-sqldb-1.0.jar: classmate-1.3.4.jar

Description:

Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/classmate-1.3.4.jar
MD5: 1e2e0fcc510753882683417e01895242
SHA1: 03d5f48f10bbe4eb7bd862f10c0583be2e0053c6
SHA256:c2bfcc21467351d0f9a1558822b72dbac2b21f6b9f700a44fc6b345491ef3c88

Identifiers

spring-music-sqldb-1.0.jar: client-runtime-1.0.0.jar

Description:

This package contains the basic runtime for AutoRest generated Java clients.

License:

The MIT License (MIT): http://opensource.org/licenses/MIT
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/client-runtime-1.0.0.jar
MD5: ea31cb0e32ea8a1c48cb0b7e7f0a455b
SHA1: 44e60e33655f29e6179708b87e2421abb6e2e8fb
SHA256:31e2238350905ac1f1bbf79b7d5949b7f70c5f6ea36f3065e5edf884353eef8b

Identifiers

spring-music-sqldb-1.0.jar: commons-codec-1.11.jar

Description:

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/commons-codec-1.11.jar
MD5: 567159b1ae257a43e1391a8f59d24cfe
SHA1: 3acb4705652e16236558f0f4f2192cc33c3bd189
SHA256:e599d5318e97aa48f42136a2927e6dfa4e8881dff0e6c8e3109ddbbff51d7b7d

Identifiers

spring-music-sqldb-1.0.jar: commons-collections4-4.1.jar

Description:

The Apache Commons Collections package contains types that extend and augment the Java Collections Framework.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/commons-collections4-4.1.jar
MD5: 45af6a8e5b51d5945de6c7411e290bd1
SHA1: a4cf4688fe1c7e3a63aa636cc96d013af537768e
SHA256:b1fe8b5968b57d8465425357ed2d9dc695504518bed2df5b565c4b8e68c1c8a5

Identifiers

spring-music-sqldb-1.0.jar: commons-lang3-3.7.jar

Description:

Apache Commons Lang, a package of Java utility classes for the classes that are in java.lang's hierarchy, or are considered to be so standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/commons-lang3-3.7.jar
MD5: f1df5623d78c432b7c3d58ff491e1801
SHA1: 557edd918fd41f9260963583ebf5a61a43a6b423
SHA256:6e8dc31e046508d9953c96534edf0c2e0bfe6f468966b5b842b3f87e43b6a847

Identifiers

CVE-2025-48924 (OSSINDEX)  

Uncontrolled Recursion vulnerability in Apache Commons Lang.

This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to 2.6, and, from org.apache.commons:commons-lang3 3.0 before 3.18.0.

The methods ClassUtils.getClass(...) can throw StackOverflowError on very long inputs. Because an Error is usually not handled by applications and libraries, a StackOverflowError could cause an application to stop.

Users are recommended to upgrade to version 3.18.0, which fixes the issue.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-48924 for details
CWE-674 Uncontrolled Recursion

CVSSv4:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.commons:commons-lang3:3.7:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: converter-jackson-2.1.0.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/converter-jackson-2.1.0.jar
MD5: 2a99e66ead438dd054375c3a6b6e37b4
SHA1: ef33476a62d9c62dfca6b6c9e086f2e3343a96f4
SHA256:1a5522419639b6261b70e9011606954be5ae2c260392c737698bf3cae02929c8

Identifiers

spring-music-sqldb-1.0.jar: dom4j-1.6.1.jar

Description:

dom4j: the flexible XML framework for Java

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
SHA256:593552ffea3c5823c6602478b5002a7c525fd904a3c44f1abe4065c22edfac73

Identifiers

CVE-2020-10683  

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2018-1000632 (OSSINDEX)  

dom4j prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
CWE-91 XML Injection (aka Blind XPath Injection)

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:dom4j:dom4j:1.6.1:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: gson-2.8.2.jar

Description:

Gson JSON library

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/gson-2.8.2.jar
MD5: 2330bde3467e7cfec44d38e74f27dab8
SHA1: 3edcfe49d2c6053a70a2a47e4e1c2f94998a49cf
SHA256:b7134929f7cc7c04021ec1cc27ef63ab907e410cf0588e397b8851181eb91092

Identifiers

CVE-2022-25647  

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2025-53864 (OSSINDEX)  

github.com/sigstore/sigstore-java (gson) - Stack-based Buffer Overflow [CVE-2025-53864]

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-121 Stack-based Buffer Overflow

CVSSv4:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.google.code.gson:gson:2.8.2:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: guava-20.0.jar

Description:

Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more.

Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef
SHA256:36a666e3b71ae7f0f0dca23654b67e086e6c93d192f60ba5dfd5519db6c288c8

Identifiers

CVE-2023-2976  

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class.

Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.
CWE-552 Files or Directories Accessible to External Parties

CVSSv3:
  • Base Score: HIGH (7.1)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:1.8/RC:R/MAV:A

CVE-2018-10237  

Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2020-8908  

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CWE-378 Creation of Temporary File With Insecure Permissions, CWE-732 Incorrect Permission Assignment for Critical Resource

CVSSv3:
  • Base Score: LOW (3.3)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.1)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

spring-music-sqldb-1.0.jar: h2-1.4.197.jar

Description:

H2 Database Engine

License:

MPL 2.0 or EPL 1.0: http://h2database.com/html/license.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/h2-1.4.197.jar
MD5: f9893acfa22b7fe1492dd9c515af2e5b
SHA1: bb391050048ca8ae3e32451b5a3714ecd3596a46
SHA256:37f5216e14af2772930dff9b8734353f0a80e89ba3f33e065441de6537c5e842

Identifiers

CVE-2021-42392  

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVE-2022-23221  

H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (10.0)
  • Vector: /AV:N/AC:L/Au:N/C:C/I:C/A:C

CVE-2018-10054  

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2022-45868  

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states "This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that." Nonetheless, the issue was fixed in 2.2.220.
CWE-312 Cleartext Storage of Sensitive Information

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

CVE-2018-14335  

An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file.
CWE-276 Incorrect Default Permissions, CWE-59 Improper Link Resolution Before File Access ('Link Following')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

spring-music-sqldb-1.0.jar: h2-1.4.197.jar: data.zip: table.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/h2-1.4.197.jar/org/h2/util/data.zip/org/h2/server/web/res/table.js
MD5: 4438d0c12097dae5f3fabd1290c16ec8
SHA1: f8016b15b9e89501baf51e5d9b532da37c21a226
SHA256:d76db45139f9f2beea3afcc1e24437efea061037956c1238d7bb3a4810fae691

Identifiers

  • None

spring-music-sqldb-1.0.jar: h2-1.4.197.jar: data.zip: tree.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/h2-1.4.197.jar/org/h2/util/data.zip/org/h2/server/web/res/tree.js
MD5: fb35bd0b4542444661eece734b5a091e
SHA1: e9d387e5abc95c53525b2cf437abca69338e8c9a
SHA256:c0aebf5f276372fa483c7ce5faab50401bf6a75a929ac9c0e072aa23c17b5935

Identifiers

  • None

spring-music-sqldb-1.0.jar: hibernate-commons-annotations-5.0.1.Final.jar

Description:

Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879
SHA256:9431ca05c335f9b6ec550f5d65ad56047a5f336e2d41cce4067591d20c4e51df

Identifiers

spring-music-sqldb-1.0.jar: hibernate-core-5.2.16.Final.jar

Description:

The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/hibernate-core-5.2.16.Final.jar
MD5: 2020bbd44c74afb12d2e73b8ae20bcd4
SHA1: c169565556721e21e9bdc193a3e8e25160a45468
SHA256:89312da2f524e0a232610d7452c2ef8c1183ca5955f3ee7690954c872e098d31

Identifiers

CVE-2020-25638  

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (7.4)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2019-14900  

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: hibernate-jpa-2.1-api-1.0.0.Final.jar

Description:

Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation.  See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a
SHA256:ab46597e3a057f99c8339fffe14c1d27f9dbd2409ae840c62121b00d983c78bd

Identifiers

spring-music-sqldb-1.0.jar: hibernate-validator-6.0.9.Final.jar

Description:

Hibernate's Bean Validation (JSR-380) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/hibernate-validator-6.0.9.Final.jar
MD5: 6250c442411c5d0c7ba6fe3ca9935ea7
SHA1: b149e4cce82379f11f6129eb3187ca8ae5404005
SHA256:be05d5979abb40f804c35e2d67ffd950eb22dab9bd2bd618618bcc726264b022

Identifiers

CVE-2025-35036 (OSSINDEX)  

Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.hibernate.validator:hibernate-validator:6.0.9.Final:*:*:*:*:*:*:*

CVE-2019-10219  

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2023-1932  

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render invalid HTML, allowing HTML injection or Cross-Site-Scripting (XSS) attacks.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-10693  

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: jackson-annotations-2.9.0.jar

Description:

Core annotations used for value types, used by Jackson data binding package.
  

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jackson-annotations-2.9.0.jar
MD5: c09faa1b063681cf45706c6df50685b6
SHA1: 07c10d545325e3a6e72e06381afe469fd40eb701
SHA256:45d32ac61ef8a744b464c54c2b3414be571016dd46bfc2bec226761cf7ae457a

Identifiers

CVE-2018-1000873  

FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: jackson-core-2.9.5.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jackson-core-2.9.5.jar
MD5: ec59f24f7f8d9acf53301c562722adf2
SHA1: a22ac51016944b06fd9ffbc9541c6e7ce5eea117
SHA256:a2bebaa325ad25455b02149c67e6052367a7d7fc1ce77de000eed284a5214eac

Identifiers

CVE-2025-49128 (OSSINDEX)  

Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible information disclosure in systems using pooled or reused buffers, like Netty or Vert.x. This issue was silently fixed in jackson-core version 2.13.0, released on September 30, 2021, via PR #652. All users should upgrade to version 2.13.0 or later. If upgrading is not immediately possible, applications can mitigate the issue by disabling exception message exposure to clients to avoid returning parsing exception messages in HTTP responses and/or disabling source inclusion in exceptions to prevent Jackson from embedding any source content in exception messages, avoiding leakage.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-49128 for details
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv2:
  • Base Score: MEDIUM (6.9)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.fasterxml.jackson.core:jackson-core:2.9.5:*:*:*:*:*:*:*

CVE-2018-1000873  

FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: jackson-databind-2.9.5.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jackson-databind-2.9.5.jar
MD5: 34b37affbf74f5d199be10622ddc83cd
SHA1: 3490508379d065fe3fcb80042b62f630f7588606
SHA256:0fb4e079c118e752cc94c15ad22e6782b0dfc5dc09145f4813fb39d82e686047

Identifiers

CVE-2018-14721  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv3:
  • Base Score: CRITICAL (10.0)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-11307  

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-14718  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-14719  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-14720  

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
CWE-611 Improper Restriction of XML External Entity Reference, CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-19360  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-19361  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-19362  

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14379  

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14892  

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CWE-502 Deserialization of Untrusted Data, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14893  

A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code.
CWE-502 Deserialization of Untrusted Data, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-17267  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-17531  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-20330  

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-8840  

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-9546  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-9547  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-9548  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-10672  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
CWE-502 Deserialization of Untrusted Data, NVD-CWE-Other

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-10673  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CWE-502 Deserialization of Untrusted Data, NVD-CWE-Other

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-10968  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-10969  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-11111  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-11112  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-11113  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-10650  

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-11619  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-11620  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-14060  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-14061  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-14062  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-14195  

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-24616  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-24750  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-35490  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-35491  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2020-35728  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (aka embedded Xalan in org.glassfish.web/javax.servlet.jsp.jstl).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36179  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36180  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36181  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36182  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36183  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36184  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36185  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36186  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36187  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36188  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36189  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2021-20190  

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (8.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:C

CVE-2018-12022  

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

CVE-2018-12023  

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

CVE-2019-12086  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVE-2019-14439  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVE-2020-25649  

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2020-36518  

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2022-42003  

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2022-42004  

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2018-1000873  

FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2019-12384  

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2019-12814  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

spring-music-sqldb-1.0.jar: jackson-datatype-jdk8-2.9.5.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support JDK 8 data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jackson-datatype-jdk8-2.9.5.jar
MD5: c3ae868458aa70411434fc1b2e219aca
SHA1: 023e37f085279ba316c0df923513b81609e1d1f6
SHA256:b31178ec713672c6abe49809d9295663de7091e7e226c8cdbd58557100af9afc

Identifiers

CVE-2018-1000873  

FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). The attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

spring-music-sqldb-1.0.jar: jackson-datatype-joda-2.9.5.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support Joda (http://joda-time.sourceforge.net/) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jackson-datatype-joda-2.9.5.jar
MD5: ab7b5f38eb59384993e5e40360fb61aa
SHA1: 1bd3d90b030cd65bef68e6aa8fb01639ff2a516d
SHA256:9538d51d47158e729fc3bfec018bd454de4231643251e4143c52bb12182f6ee7

Identifiers

spring-music-sqldb-1.0.jar: jandex-2.0.3.Final.jar

Description:

Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jandex-2.0.3.Final.jar
MD5: 77db6e55da888349f5466d2dcf150b14
SHA1: bfc4d6257dbff7a33a357f0de116be6ff951d849
SHA256:a3a65250cf954f102e74bab23df12540780878231195b585a7a86f4364a53727

Identifiers

spring-music-sqldb-1.0.jar: javassist-3.22.0-GA.jar

Description:

Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/javassist-3.22.0-GA.jar
MD5: 69f277ed4c6631e45ec4cacd0e6e46c6
SHA1: 3e83394258ae2089be7219b971ec21a8288528ad
SHA256:59531c00f3e3aa1ff48b3a8cf4ead47d203ab0e2fd9e0ad401f764e05947e252

Identifiers

spring-music-sqldb-1.0.jar: javax.annotation-api-1.3.2.jar

Description:

Common Annotations for the Java(TM) Platform API

License:

CDDL + GPLv2 with classpath exception: https://github.com/javaee/javax.annotation/blob/master/LICENSE
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/javax.annotation-api-1.3.2.jar
MD5: 2ab1973eefffaa2aeec47d50b9e40b9d
SHA1: 934c04d3cfef185a8008e7bf34331b79730a9d43
SHA256:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b

Identifiers

spring-music-sqldb-1.0.jar: javax.transaction-api-1.2.jar

Description:

Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e
SHA256:9528449583c34d9d63aa1d8d15069790f925ae1f27b33784773b8099eff4c9ff

Identifiers

spring-music-sqldb-1.0.jar: jboss-logging-3.3.2.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256:cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13

Identifiers

spring-music-sqldb-1.0.jar: jcip-annotations-1.0-1.jar

Description:

A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323

Identifiers

spring-music-sqldb-1.0.jar: joda-time-2.9.9.jar

Description:

Date and time library to replace JDK date handling

License:

Apache 2: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/joda-time-2.9.9.jar
MD5: eca438c8cc2b1de38e28d884b7f15dbc
SHA1: f7b520c458572890807d143670c9b24f4de90897
SHA256:b049a43c1057942e6acfbece008e4949b2e35d1658d0c8e06f4485397e2fa4e7

Identifiers

spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar

Description:

WebJar for jQuery

License:

MIT License: https://github.com/jquery/jquery/blob/master/MIT-LICENSE.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jquery-2.1.0-2.jar
MD5: ba6a537302d2aaaa2d137531c4fc2456
SHA1: 0db1742ea52e14b25b7c4ab39d7a348324241567
SHA256:e97a279de4df230f480a81ac69a82c8aec73970ef152342f332fc2132fff1de1

Identifiers

CVE-2019-11358 (OSSINDEX)  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2019-11358 for details
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.webjars:jquery:2.1.0-2:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: jquery.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jquery-2.1.0-2.jar/META-INF/resources/webjars/jquery/2.1.0/jquery.js
MD5: 3177091fb9705dd978689ba11bf0609a
SHA1: 0fe3e567e0776226ee98326ba8cae7680683c112
SHA256:0fa7752926a95e3ab6b5f67a21ef40628ce4447c81ddf4f6cacf663b6fb85af7

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):


CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 7.3.3; versions up to (including) 7.3.5
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:* versions from (including) 8.0.5; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.2; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.6
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.4; versions up to (including) 8.0.7
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:* versions from (including) 8.6.0; versions up to (including) 8.6.3
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.15
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 16.2.0; versions up to (including) 16.2.11
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 17.12.0; versions up to (including) 17.12.7
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 18.8.0; versions up to (including) 18.8.9
  • cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* versions from (including) 19.12.0; versions up to (including) 19.12.4
  • cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* versions from (including) 17.7; versions up to (including) 17.12
  • cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:* versions up to (including) 19.8
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:* versions from (including) 2.3.0.1; versions up to (including) 2.3.0.3
  • cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*

CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.2; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:agile_product_supplier_collaboration_for_process:6.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* versions from (including) 18.1; versions up to (including) 20.1
  • cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\::*:*:*:*:*:*:*:* versions from (including) 8.0.0; versions up to (including) 8.2.2
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* versions from (including) 8.0.6.0.0; versions up to (including) 8.1.0.0.0
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.8
  • cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

CISA Known Exploited Vulnerability:
  • Product: JQuery JQuery
  • Name: JQuery Cross-Site Scripting (XSS) Vulnerability
  • Date Added: 2025-01-23
  • Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2025-02-13
  • Notes: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 7.0; versions up to (excluding) 7.70
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.7.0; versions up to (excluding) 8.7.14
  • cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* versions from (including) 8.8.0; versions up to (excluding) 8.8.6
  • cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:* versions from (including) 1.0.3; versions up to (excluding) 3.5.0
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  • cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:max_data:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:* versions from (including) 3.0; versions up to (including) 3.1.3
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:* versions up to (excluding) 20.2
  • cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:* versions from (including) 2.7.0; versions up to (including) 2.8.0
  • cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:* versions from (including) 2.4.0; versions up to (including) 2.10.0
  • cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:* versions up to (excluding) 21.1.2
  • cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*
  • cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:* versions from (including) 16.1.0; versions up to (including) 16.4.0
  • cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:* versions from (including) 6.1; versions up to (including) 6.4
  • cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:* versions from (including) 4.1; versions up to (including) 4.3
  • cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*

jquery issue: 162 (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low


spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: jquery.min.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jquery-2.1.0-2.jar/META-INF/resources/webjars/jquery/2.1.0/jquery.min.js
MD5: 1fe1caacda14275805e4c6fb15f2503b
SHA1: 7e40e55d80a93539665009b9772829300701bb32
SHA256: 8851e7844413ec986053d7d497ca932861b8622d2369bb291777329c2a713c72

Identifiers

CVE-2015-9251  

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


Vulnerable Software & Versions (NVD):


CVE-2019-11358  

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


Vulnerable Software & Versions (NVD):


CVE-2020-11022  

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


Vulnerable Software & Versions (NVD):

  • cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.0.9
  • cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:* versions from (including) 19.1.0; versions up to (including) 19.1.2
  • cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:hospitality_simphony:19.1.0-19.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:* versions from (including) 8.0.6; versions up to (including) 8.1.0
  • cpe:2.3:a:oracle:insurance_data_foundation:8.0.6-8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:* versions from (including) 5.0.0.0; versions up to (including) 5.6.0.0
  • cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:* versions from (including) 12.2.0; versions up to (including) 12.2.20
  • cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:*:*:*:*:*:*:*:* versions up to (excluding) 6.0.9

CVE-2020-11023  

CISA Known Exploited Vulnerability:
  • Product: JQuery JQuery
  • Name: JQuery Cross-Site Scripting (XSS) Vulnerability
  • Date Added: 2025-01-23
  • Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.
  • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2025-02-13
  • Notes: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv3:
  • Base Score: MEDIUM (6.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerable Software & Versions (NVD):

jquery issue: 162 (RETIREJS)  

jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates
Unscored:
  • Severity: low

spring-music-sqldb-1.0.jar: jquery-2.1.0-2.jar: webjars-requirejs.js

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jquery-2.1.0-2.jar/META-INF/resources/webjars/jquery/2.1.0/webjars-requirejs.js
MD5: 30e1a7f167b667001f50e32ea87bf7b5
SHA1: d18dc733350ad3549af2df096599e824c10f777e
SHA256: daca7b23bc4d8302a8961373b92b78d36d5c85d730fc14130e29d55d976aa420

Identifiers

  • None

spring-music-sqldb-1.0.jar: json-smart-1.3.1.jar

Description:

JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/json-smart-1.3.1.jar
MD5: b4f09b247c03cc2d091502d5b1db1f7f
SHA1: 69b3835e96d282ec85fc2e1517b8164c45ed639e
SHA256: ac3689112788e042088755e63ecd1f689adfeb04d7fb1cfd244513f94f82522c

Identifiers

CVE-2021-31684  

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2023-1370  

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib.

When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively.

It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2021-27568  

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.
CWE-754 Improper Check for Unusual or Exceptional Conditions

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

spring-music-sqldb-1.0.jar: jul-to-slf4j-1.7.25.jar

Description:

JUL to SLF4J bridge

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76
SHA256: 416c5a0c145ad19526e108d44b6bf77b75412d47982cce6ce8d43abdbdbb0fac

Identifiers

spring-music-sqldb-1.0.jar: lang-tag-1.7.jar

Description:

Java implementation of "Tags for Identifying Languages" (RFC 5646)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/lang-tag-1.7.jar
MD5: 31b8a4f76fdbf21f1d667f9d6618e0b2
SHA1: 97c73ecd70bc7e8eefb26c5eea84f251a63f1031
SHA256: e8c1c594e2425bdbea2d860de55c69b69fc5d59454452449a0f0913c2a5b8a31

Identifiers

spring-music-sqldb-1.0.jar: lettuce-core-5.0.3.RELEASE.jar

Description:

Advanced and thread-safe Java Redis client for synchronous, asynchronous, and reactive usage. Supports Cluster, Sentinel, Pipelining, Auto-Reconnect, Codecs and much more.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/lettuce-core-5.0.3.RELEASE.jar
MD5: 13eaad4169405dc6fb621378f3655385
SHA1: a888355a2c69ba7329ee542e1cc4cc5b90da1723
SHA256: 08cbd74d328d82e7857c6915742f0a9263b3b1b5385bf7658fce94c0b2a18de3

Identifiers

spring-music-sqldb-1.0.jar: log4j-api-2.10.0.jar

Description:

The Apache Log4j API

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/log4j-api-2.10.0.jar
MD5: b15b1def49daaf7e74fffcce9442ba98
SHA1: fec5797a55b786184a537abd39c3fa1449d752d6
SHA256: 26af661e5c37cfe233cdec402e8a5c0bd112e03d3b6cf12b0d9db7ee7f6fbdd9

Identifiers

CVE-2020-9488  

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: LOW (3.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

spring-music-sqldb-1.0.jar: log4j-to-slf4j-2.10.0.jar

Description:

The Apache Log4j binding between Log4j 2 API and SLF4J.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/log4j-to-slf4j-2.10.0.jar
MD5: 7ac821f6ff3d7f9ed68ffe982a76b8c2
SHA1: f7e631ccf49cfc0aefa4a2a728da7d374c05bd3c
SHA256: b9006337856504a2dd930eb4900ca78d63c13c8a2dd195fc65ca2aa4cfc04850

Identifiers

spring-music-sqldb-1.0.jar: logback-classic-1.2.3.jar

Description:

logback-classic module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/logback-classic-1.2.3.jar
MD5: 64f7a68f931aed8e5ad8243470440f0b
SHA1: 7c4f3c474fb2c041d8028740440937705ebb473a
SHA256: fb53f8539e7fcb8f093a56e138112056ec1dc809ebb020b59d8a36a5ebac37e0

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2021-42550  

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (6.6)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (8.5)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

spring-music-sqldb-1.0.jar: logback-core-1.2.3.jar

Description:

logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/logback-core-1.2.3.jar
MD5: 841fc80c6edff60d947a3872a2db4d45
SHA1: 864344400c3d4d92dfeb0a305dc87d953677c03c
SHA256: 5946d837fe6f960c02a53eda7a6926ecc3c758bbdd69aa453ee429f858217f22

Identifiers

CVE-2023-6378  

A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.

CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2021-42550  

In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configuration files could craft a malicious configuration allowing the execution of arbitrary code loaded from LDAP servers.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (6.6)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:0.7/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (8.5)
  • Vector: /AV:N/AC:M/Au:S/C:C/I:C/A:C

CVE-2024-12798 (OSSINDEX)  

ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core, versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12, in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution.

Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension.

A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv4:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.2.3:*:*:*:*:*:*:*

CVE-2024-12801 (OSSINDEX)  

Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform allows an attacker to forge requests by compromising logback configuration files in XML.

The attack involves the modification of the DOCTYPE declaration in XML configuration files.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-12801 for details
CWE-918 Server-Side Request Forgery (SSRF)

CVSSv4:
  • Base Score: LOW (2.4)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:ch.qos.logback:logback-core:1.2.3:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: logging-interceptor-3.3.1.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/logging-interceptor-3.3.1.jar
MD5: 9145e870f51a770ad15221862d11d4f5
SHA1: 99ce730034c6f5aaed710d1e0e9df95e8714ed5f
SHA256: f1c50344a874d5c532b41d09a025acee1e6743b55e007f832d619bc2f552fc3d

Identifiers

CVE-2018-20200  

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

spring-music-sqldb-1.0.jar: mail-1.4.7.jar

Description:

JavaMail API (compat)

License:

http://www.sun.com/cddl, https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/mail-1.4.7.jar
MD5: 77f53ff0c78ba43c4812ecc9f53e20f8
SHA1: 9add058589d5d85adeb625859bf2c5eeaaedf12d
SHA256: 78c33b4f7c7b60f4b680f2d2405b1f063d71929cf1a4fbc328888379f365fcfb

Identifiers

spring-music-sqldb-1.0.jar: micrometer-core-1.0.3.jar

Description:

Application monitoring instrumentation facade

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/micrometer-core-1.0.3.jar
MD5: b65e5df7bd88e359261f31785cced9d9
SHA1: 8234fa7ea2b2d6f7147209dcaaa7cd347951d5eb
SHA256: 0fa2584a2dde6a270ca76e7eb9f87d97759f2e8b722a7f8925ab0efe67d58c32

Identifiers

spring-music-sqldb-1.0.jar: mongodb-driver-3.6.3.jar

Description:

The MongoDB Driver

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/mongodb-driver-3.6.3.jar
MD5: 887cd075b7f8fab34bd7462eab23b8d4
SHA1: d462fcc4640ac69b35e7cd2491e992c6bdf82862
SHA256: 05742d826498d5f2223a9919c615a682571c42f99cad85e80429107ccea8c2c7

Identifiers

CVE-2021-20328 (OSSINDEX)  

Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.mongodb:mongodb-driver:3.6.3:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: mongodb-driver-core-3.6.3.jar

Description:

The Java operations layer for the MongoDB Java Driver. Third parties can wrap this layer to provide custom higher-level APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/mongodb-driver-core-3.6.3.jar
MD5: be30b055e73fd7aa5dbab12b8eaee509
SHA1: f2c41ad5349cdb65a6f7bde16f5ebae9a0dbe5f5
SHA256: 7de0b300c3687eeca77d76e6af42ee336880a4b6e08bf33d2bcbaa3c8f98af2f

Identifiers

spring-music-sqldb-1.0.jar: mssql-jdbc-6.2.2.jre8.jar

Description:

Microsoft JDBC Driver for SQL Server. The Azure Key Vault feature in Microsoft JDBC Driver for SQL Server depends on Azure SDK for JAVA and Azure Active Directory Library For Java.

License:

MIT License: http://www.opensource.org/licenses/mit-license.php
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/mssql-jdbc-6.2.2.jre8.jar
MD5: 7422706ded326cc60b222d99e698d437
SHA1: a9ee2b0234f623f49fad888550011035b99d0861
SHA256: 4ff4ff2fc61008a9c51bd16de7150d3d4f18dd628ca5e6b85c03d4e470b1644d

Identifiers

spring-music-sqldb-1.0.jar: mysql-connector-java-5.1.46.jar

Description:

MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/mysql-connector-java-5.1.46.jar
MD5: eeacff7cadb9b49e4c3cc6d2f4246088
SHA1: 9a3e63b387e376364211e96827bc27db8d7a92e9
SHA256: 3122089761e6403f02e8a81ed4a2d65a2e1029734651ba00f2ea92d920ff7b1e

Identifiers

CVE-2018-3258 (OSSINDEX)  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
CWE-noinfo

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:5.1.46:*:*:*:*:*:*:*

CVE-2023-22102  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).  Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
CWE-284 Improper Access Control, NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (8.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:1.6/RC:R/MAV:A

CVE-2019-2692  

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.3)
  • Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:0.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:L/AC:H/Au:S/C:P/I:P/A:P


CVE-2022-21363 (OSSINDEX)  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (6.0)
  • Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:mysql:mysql-connector-java:5.1.46:*:*:*:*:*:*:*

CVE-2020-2934  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.19 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.0)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P


CVE-2020-2875  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:N


CVE-2020-2933  

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L).
NVD-CWE-noinfo

CVSSv3:
  • Base Score: LOW (2.2)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:0.7/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P


spring-music-sqldb-1.0.jar: netty-codec-4.1.23.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/netty-codec-4.1.23.Final.jar
MD5: d23ad9338741a1d660c68a9d0cac4c6d
SHA1: d6599803bfefbe9a3e226702faade5df0cb678d1
SHA256:c6177cb91f9c065b416530f8ecc495cec3e457652e9bfdc5b21e10effcb23ee2

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N


CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N


CVE-2019-16869  

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as a proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


CVE-2022-41915 (OSSINDEX)  

Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeaders.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. This issue has been patched in version 4.1.86.Final. Integrators can work around the issue by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call into a `remove()` call, and calling `add()` in a loop over the iterator of values.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-41915 for details
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-codec:4.1.23.Final:*:*:*:*:*:*:*

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A


CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N


CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which failed to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case for netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify one's own "java.io.tmpdir" when starting the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N


CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use `DefaultHttpDataFactory.setBaseDir(...)` to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N


CVE-2025-25193  

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A


spring-music-sqldb-1.0.jar: netty-common-4.1.23.Final.jar (shaded: org.jctools:jctools-core:2.1.1)

Description:

Java Concurrency Tools Core Library

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/netty-common-4.1.23.Final.jar/META-INF/maven/org.jctools/jctools-core/pom.xml
MD5: d532029de01ef1c790266dea91b1ecdc
SHA1: f9571c65e428d21c795a34de2b217419dfc0e2f7
SHA256:db8f1cd5b23d38e3dcf7020d739e1c2f9559489051291d8a07095e62b8d7f750

spring-music-sqldb-1.0.jar: netty-common-4.1.23.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/netty-common-4.1.23.Final.jar
MD5: f00e1c8f82841ba33bcd7bd84f633f40
SHA1: 387b1b9d0441646a5cf84eace2b3e15dd07aca47
SHA256:6ae4700a4571c11220ddab53492fd8eb806c1f8588e46ce12c5ae8668e4a858f

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N


CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N


CVE-2019-16869  

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


CVE-2024-47535 (OSSINDEX)  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:io.netty:netty-common:4.1.23.Final:*:*:*:*:*:*:*

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as a proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A


CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1, this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N


CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which failed to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, you may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

CVE-2025-25193  

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

spring-music-sqldb-1.0.jar: netty-transport-4.1.23.Final.jar

Description:

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/netty-transport-4.1.23.Final.jar
MD5: b526820b1d947bfd1a0155cf97cae3de
SHA1: 80dfcc723083e23058878ddbc33f5fb0ce9ec9e9
SHA256:93ca3532c7906f7331260ba34f879bb2da933ff855cccda7eda61caced54346f

CVE-2019-20444  

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVE-2019-20445  

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: CRITICAL (9.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

CVE-2019-16869  

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2020-11612  

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2021-37136  

The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2021-37137  

The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2022-41881  

Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.
CWE-674 Uncontrolled Recursion

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2023-44487  

CISA Known Exploited Vulnerability:
  • Product: IETF HTTP/2
  • Name: HTTP/2 Rapid Reset Attack Vulnerability
  • Date Added: 2023-10-10
  • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
  • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Due Date: 2023-10-31
  • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2021-43797  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forwards these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2023-34462  

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
CWE-400 Uncontrolled Resource Consumption, CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2021-21295  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is a vulnerability that enables request smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by `Http2MultiplexHandler` as it is propagated up. This is fine as long as the request is not proxied through as HTTP/1.1. If the request comes in as an HTTP/2 stream, gets converted into the HTTP/1.1 domain objects (`HttpRequest`, `HttpContent`, etc.) via `Http2StreamFrameToHttpObjectCodec` and then sent up to the child channel's pipeline and proxied through a remote peer as HTTP/1.1 this may result in request smuggling. In a proxy case, users may assume the content-length is validated somehow, which is not the case. If the request is forwarded to a backend channel that is a HTTP/1.1 connection, the Content-Length now has meaning and needs to be checked. An attacker can smuggle requests inside the body as it gets downgraded from HTTP/2 to HTTP/1.1. For an example attack refer to the linked GitHub Advisory. Users are only affected if all of this is true: `HTTP2MultiplexCodec` or `Http2FrameCodec` is used, `Http2StreamFrameToHttpObjectCodec` is used to convert to HTTP/1.1 objects, and these HTTP/1.1 objects are forwarded to another remote peer. This has been patched in 4.1.60.Final. As a workaround, the user can do the validation by themselves by implementing a custom `ChannelInboundHandler` that is put in the `ChannelPipeline` behind `Http2StreamFrameToHttpObjectCodec`.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

CVE-2021-21409  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295, which failed to fix this one case. This was fixed as part of 4.1.61.Final.
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2021-21290  

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on unix-like systems creates a random file, but, by default will create this file with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, you may specify your own "java.io.tmpdir" when you start the JVM or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

CVE-2022-24823  

Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one's own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(...) to set the directory to something that is only readable by the current user.
CWE-378 Creation of Temporary File With Insecure Permissions, CWE-379 Creation of Temporary File in Directory with Insecure Permissions, CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (1.9)
  • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

CVE-2025-25193  

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

spring-music-sqldb-1.0.jar: nimbus-jose-jwt-10.3.1.jar (shaded: com.google.code.gson:gson:2.12.1)

License:

Apache-2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/nimbus-jose-jwt-10.3.1.jar/META-INF/maven/com.google.code.gson/gson/pom.xml
MD5: 54205b633e8a676f5bb25c188631c854
SHA1: d2c3993ff96e5da39a57e5e0b695eda560949b57
SHA256:0b5735ec85f45282f1e2c769779800427b150a8163f405093a9280b71cab1978

spring-music-sqldb-1.0.jar: nimbus-jose-jwt-10.3.1.jar

Description:

Java library for Javascript Object Signing and Encryption (JOSE) and JSON Web Tokens (JWT)

License:

The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/nimbus-jose-jwt-10.3.1.jar
MD5: 735446acf5f7d08dc41c2815f27e0266
SHA1: 4ec9e53a1bb37626adfec4302e20c13d4e56c5bc
SHA256:d7919520ae9702ea06a23cc669c9ed1daa543d12a33a1be214a85b47dfc1c7c8

spring-music-sqldb-1.0.jar: oauth2-oidc-sdk-5.24.1.jar

Description:

OAuth 2.0 SDK with OpenID Connection extensions for developing client and server applications.

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/oauth2-oidc-sdk-5.24.1.jar
MD5: 1604afda5f300ebf1a039e99d8047e1c
SHA1: 33d72b291c44dc4b56d94e3456873edc7b3ce0d4
SHA256:0441230ddb3ad1182554e2cd1f7233a776fcd51524e7bce1439607ce92714c8e

spring-music-sqldb-1.0.jar: okhttp-3.3.1.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/okhttp-3.3.1.jar
MD5: 50504ee05596f03f72ffc7b1c901954d
SHA1: 19047bdb6a4fc00a44124f64ca98e88fc204e7e3
SHA256:a47f4efa166551cd5acc04f1071d82dafbf05638c21f9ca13068bc6633e3bff6

CVE-2021-0341 (OSSINDEX)  

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9 Android-10 Android-11. Android ID: A-171980069

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-0341 for details
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:com.squareup.okhttp3:okhttp:3.3.1:*:*:*:*:*:*:*

CVE-2018-20200  

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this to be a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

spring-music-sqldb-1.0.jar: okhttp-urlconnection-3.3.1.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/okhttp-urlconnection-3.3.1.jar
MD5: dae63d9ddbe30a1ced59e48a524028ac
SHA1: 14e70f2069fb98dc60346dd24cb7b6a2e321580d
SHA256:8ca26cc39299a48edc9a4872600df56c94fb3c1f743936f7f3a3daf63e9237c3

CVE-2018-20200  

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this to be a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2023-0833  

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.
CWE-209 Generation of Error Message Containing Sensitive Information

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

spring-music-sqldb-1.0.jar: okio-1.8.0.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/okio-1.8.0.jar
MD5: c03069c230c7a7ebc7b1a3cd2df4d6b3
SHA1: 05ea7af56cc7c567ed9856d99efb30740e9b17ff
SHA256:5cfea5afe6c6e441a4dbf6053a07a733b1249d1009382eb44ac2255ccedd0c15

CVE-2023-3635  

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

CWE-195 Signed to Unsigned Conversion Error, CWE-681 Incorrect Conversion between Numeric Types

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar (shaded: com.ongres.scram:client:1.0.0-beta.2)

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/postgresql-42.2.2.jar/META-INF/maven/com.ongres.scram/client/pom.xml
MD5: 6a4b184f3b8bf5c818dd05eb6993d59f
SHA1: 33634f5a6256d2149aeb052d554698cfdb8b19eb
SHA256:1110d9b8d5b3f961abfb41fd10abbcc081d15c4aa83ccd1aa29369ba8604ee14

spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar (shaded: com.ongres.scram:common:1.0.0-beta.2)

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/postgresql-42.2.2.jar/META-INF/maven/com.ongres.scram/common/pom.xml
MD5: 082e0e03a6ecbb961dca5b000df8d7e2
SHA1: ef98d7bc51a24f942b9ce52d5db3f75a3daf8466
SHA256:e405da7af7f33d41d4b76f0f0a3f427a65139de4abac79e21e92d4297d922dd1

spring-music-sqldb-1.0.jar: postgresql-42.2.2.jar

Description:

Java JDBC 4.2 (JRE 8+) driver for PostgreSQL database

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/postgresql-42.2.2.jar
MD5: aeaee2a456f269b49d78125d6f492f5d
SHA1: 7ebd60d15eec1f9e796d68212121d92e3dd566b2
SHA256:1996524026a3027853f3932e8639ef813807d1b63fe14832f410fffa4274fa70

CVE-2022-26520 (OSSINDEX)  

In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2022-26520 for details
CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.postgresql:postgresql:42.2.2:*:*:*:*:*:*:*

CVE-2022-21724  

pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when an attacker controls the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.
CWE-665 Improper Initialization

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2024-1597  

pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.28 are affected.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

CVE-2018-10936  

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.
CWE-297 Improper Validation of Certificate with Host Mismatch

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2022-31197  

PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table name whose column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.0)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:2.1/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-13692  

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (7.7)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2022-41946  

pgjdbc is an open source PostgreSQL JDBC driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatement.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This temporary file is readable by other users on Unix-like systems, but not MacOS. On Unix-like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability.
CWE-668 Exposure of Resource to Wrong Sphere, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor, CWE-377 Insecure Temporary File

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: reactive-streams-1.0.2.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

CC0: http://creativecommons.org/publicdomain/zero/1.0/
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/reactive-streams-1.0.2.jar
MD5: 022ff8ca0101daeb35c8df9b120ff99e
SHA1: 323964c36556eb0e6209f65c1cef72b53b461ab8
SHA256:cc09ab0b140e0d0496c2165d4b32ce24f4d6446c0a26c5dc77b06bdf99ee8fae

Identifiers

spring-music-sqldb-1.0.jar: reactor-core-3.1.6.RELEASE.jar

Description:

Non-Blocking Reactive Foundation for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/reactor-core-3.1.6.RELEASE.jar
MD5: 454d0bf43d43a672d4158fd8a1f8b328
SHA1: 64dfad0f0a0e9022c949d678106d53f083b66d05
SHA256:8d0b2eff83bf25724befe14744e463ff2bb5a1eb3af06f3b6b328fd6271fb0e4

Identifiers

spring-music-sqldb-1.0.jar: retrofit-2.1.0.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/retrofit-2.1.0.jar
MD5: 9e42632359093667f096c532b1261eae
SHA1: 2de7cd8b95b7021b1d597f049bcb422055119f2c
SHA256:b7ae1a8c9f8de27c85ea43238c6c1507e91d33c6411cc52a06b5451842dc28bb

Identifiers

CVE-2018-1000850  

Square Retrofit versions from 2.0 (including) to 2.5.0 (excluding) contain a Directory Traversal vulnerability in the RequestBuilder class, method addPathParameter, that can result in an attacker adding or deleting resources otherwise unavailable to her by manipulating the URL. This attack appears to be exploitable when an attacker has access to an encoded path parameter on a POST, PUT or DELETE request. This vulnerability appears to have been fixed in 2.5.0 and later.
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: rxjava-1.3.8.jar

Description:

rxjava

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/rxjava-1.3.8.jar
MD5: 62b34782c8ce3462d5796da7c1e9a9b5
SHA1: 8c192792ad2e65a90867ab418ac49703f44d2baf
SHA256:387df880f226b01cea4b1026d96d34e1da27d5801562742cfce0413c21ef7690

Identifiers

spring-music-sqldb-1.0.jar: slf4j-api-1.7.25.jar

Description:

The slf4j API

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a
SHA256:18c4a0095d5c1da6b817592e767bb23d29dd2f560ad74df75ff3961dbde25b79

Identifiers

spring-music-sqldb-1.0.jar: snakeyaml-1.19.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/snakeyaml-1.19.jar
MD5: 95472b5a0ded8761545342a087e82117
SHA1: 2d998d3d674b172a588e54ab619854d073f555b5
SHA256:0a7b1063fcaeb806b40b728d01b9361d38e1ed8deb93f945994fec7c1761dad1

Identifiers

CVE-2022-1471  

SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.
CWE-502 Deserialization of Untrusted Data, CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2017-18640  

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2022-25857  

The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for collections.
CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38749  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38751  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38752  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-41854  

Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-38750  

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow.
CWE-787 Out-of-bounds Write, CWE-121 Stack-based Buffer Overflow

CVSSv3:
  • Base Score: MEDIUM (5.5)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: spring-boot-2.0.1.RELEASE.jar

Description:

Spring Boot

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-boot-2.0.1.RELEASE.jar
MD5: dc0f62283e9bfd0a0b3f7a7f4a8503af
SHA1: b8c5b14cbb0e52fdded8f98a8c1493cc74c7cf59
SHA256:31dfbf9b801dbb428e128f5983b12b1efec7ceef19f0a8886c21423055e9a485

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-27772  

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: spring-boot-actuator-2.0.1.RELEASE.jar

Description:

Spring Boot Actuator

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-boot-actuator-2.0.1.RELEASE.jar
MD5: 271399ae372b316fe8f570ef292c8b8c
SHA1: aab310ca611fbdb3fe0f74f3f8644ee012abac8d
SHA256:a949f0f49820bbfe58ac2ddb987397ccc281f878e914321658de98d44ddc3007

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-27772  

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2023-34055 (OSSINDEX)  

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.

Specifically, an application is vulnerable when all of the following are true:

  *  the application uses Spring MVC or Spring WebFlux
  *  org.springframework.boot:spring-boot-actuator is on the classpath
CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.boot:spring-boot-actuator:2.0.1.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: spring-boot-actuator-autoconfigure-2.0.1.RELEASE.jar

Description:

Spring Boot Actuator AutoConfigure

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-boot-actuator-autoconfigure-2.0.1.RELEASE.jar
MD5: d30318c5e0970493a5e15bd13604cf6a
SHA1: 794aa7d6b6e05563c69a4684d2f5b7c78e209b0a
SHA256:bfb3c9f00a34f150105d603c31556f3222cef6a7962eb08a93afc5d178e7a3b3

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-27772  

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2025-22235 (OSSINDEX)  

EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

  *  You use Spring Security
  *  EndpointRequest.to() has been used in a Spring Security chain configuration
  *  The endpoint which EndpointRequest references is disabled or not exposed via web
  *  Your application handles requests to /null and this path needs protection


You are not affected if any of the following is true:

  *  You don't use Spring Security
  *  You don't use EndpointRequest.to()
  *  The endpoint which EndpointRequest.to() refers to is enabled and is exposed
  *  Your application does not handle requests to /null or this path does not need protection

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-22235 for details
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (6.3)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

References:

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.boot:spring-boot-actuator-autoconfigure:2.0.1.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: spring-boot-starter-web-2.0.1.RELEASE.jar

Description:

Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-boot-starter-web-2.0.1.RELEASE.jar
MD5: 482276ec84e454e3549584bafb755987
SHA1: 88751ed76791d12425ce5a80476baf1749a44cf4
SHA256:814f0a24d379bca0118c92bb0d6cac34497ab8f79a9bfe62fb46e8dc118ae94c

Identifiers

CVE-2023-20873  

In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2022-27772  

spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
CWE-668 Exposure of Resource to Wrong Sphere

CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.6)
  • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2023-20883  

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-annotations:2.3.0)

Description:

Core annotations used for value types, used by Jackson data binding package.
  

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-annotations/pom.xml
MD5: 920a7c797babb215595b83388a2cab1a
SHA1: bf2a064aec0f86ef110ded6b11147350cfef0bb7
SHA256:4a51ac0c3696f8974d8dde4e6d464e8d03d5a919eb6d365ca6b410e1f6a7cf6c

Identifiers

CVE-2018-1000873  

FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial-of-service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-core:2.3.3)

Description:

Core Jackson abstractions, basic JSON streaming API implementation
  

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-core/pom.xml
MD5: 57bca813b5307e3154e7d8eeddb5c156
SHA1: fc05676963f49f5c338cdc115b4ff74dfe041c4f
SHA256:e8135af60a414a92b4d8d647e0487d1d728d74987fd65b4c33fce7fe09052488

Identifiers

CVE-2018-1000873  

FasterXML Jackson versions before 2.9.8 contain a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial-of-service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.3.3)

Description:

General data-binding functionality for Jackson: works on core streaming API

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml
MD5: 04e23f17a1150e7ec1f70eeac734af7d
SHA1: fc2fa919676ab9574a7e312fd44741e5569b86a1
SHA256:711e6ba52cbad60347308ff19e464851c2aca09ec50b2a411b14d06d8df9ee84

Identifiers

CVE-2017-15095  

A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-17485  

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2017-7525  

A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-11307  

An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-14718  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-14719  

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2018-7489  

FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14379  

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14540  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-14892  

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
CWE-502 Deserialization of Untrusted Data, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16335  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16942  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-16943  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2019-17267  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2019-17531  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2019-20330  

FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2020-8840  

FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2020-9547  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-9548  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-10673  

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
CWE-502 Deserialization of Untrusted Data, NVD-CWE-Other

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2018-5968  

FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.
CWE-502 Deserialization of Untrusted Data, CWE-184 Incomplete List of Disallowed Inputs

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-10650  

A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.jta.jndi.CacheJndiTmLookup, org.apache.ignite.cache.jta.jndi.CacheJndiTmFactory, and org.quartz.utils.JNDIConnectionProvider.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

CVE-2020-24616  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-24750  

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-35490  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-35491  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36179  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36180  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36181  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36182  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36183  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36184  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36185  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36186  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36187  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36188  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2020-36189  

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2021-20190  

A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (8.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:C

CVE-2018-12022  

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.1)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

CVE-2019-12086  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVE-2019-14439  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVE-2020-36518  

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
CWE-787 Out-of-bounds Write

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2022-42003  

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2022-42004  

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

CVE-2018-1000873  

FasterXML Jackson before version 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.
CWE-20 Improper Input Validation

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

CVE-2019-12384  

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2019-12814  

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2023-35116  

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (4.7)
  • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A

spring-music-sqldb-1.0.jar: spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar

Description:

Spring Cloud Connectors Cloud Foundry Connector

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-cloudfoundry-connector-2.0.1.RELEASE.jar
MD5: 96180bb747a2db14684576adc81d6a82
SHA1: d723add3f7cd620235bb4b994551bb66fe9cffa0
SHA256: c913a8554214e9c24e3b58fbb6d9e4c6605518f510ea90cd7ae03a0ed5b15f41

Identifiers

CVE-2016-5006  

The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVE-2016-6637  

Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allow remote attackers to hijack the authentication of unspecified victims for requests that approve or deny a scope via a profile or authorize approval page.
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv3:
  • Base Score: CRITICAL (9.6)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVE-2016-4468  

SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2016-6651  

The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2016-3084  

The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
CWE-264 Permissions, Privileges, and Access Controls

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2016-6659  

Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, and 3.7.x through 3.9.x before 3.9.3; and UAA bosh release (aka uaa-release) before 13.9 for UAA 3.6.5 and before 24 for UAA 3.9.3 allow attackers to gain privileges by accessing UAA logs and subsequently running a specially crafted application that interacts with a configured SAML provider.
CWE-287 Improper Authentication

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (2.6)
  • Vector: /AV:N/AC:H/Au:N/C:P/I:N/A:N

CVE-2016-5016  

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVE-2016-6636  

The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

spring-music-sqldb-1.0.jar: spring-cloud-connectors-core-2.0.1.RELEASE.jar

Description:

Spring Cloud Connectors Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-connectors-core-2.0.1.RELEASE.jar
MD5: dbb34ee8b5a2eb9bc6c52c1d8a0b1045
SHA1: 8aa0c1977cc592d475c56fdfedb2e79f0c026356
SHA256: 03b67f724c5fa181dfc786fcb744e06a35ef030a628d2007406c730f9d0591b8

Identifiers

spring-music-sqldb-1.0.jar: spring-cloud-spring-service-connector-2.0.1.RELEASE.jar

Description:

Spring Cloud Connectors Spring Service Connectors

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-cloud-spring-service-connector-2.0.1.RELEASE.jar
MD5: c098887d14db24e752a8dfaf744d35f8
SHA1: 5a114c00eb26b68b88a8c8d1948cadbd8d24d634
SHA256: 37625da0a07fe04e19c249addef52c766445acac2283083429d51ccadd4ee6ac

Identifiers

spring-music-sqldb-1.0.jar: spring-context-5.0.5.RELEASE.jar

Description:

Spring Context

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-context-5.0.5.RELEASE.jar
MD5: 0b5681097790036a3244012f825b60db
SHA1: 9cca4bf5acb693249a01c218f471c677b951d6e2
SHA256:82dd82e805cdebf55103e4bcb67c85d766665ee33a15b7f4b033863477d26a1e

Identifiers

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2024-22259  

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A

CVE-2018-11040  

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2018-15756  

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2020-5398  

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-494 Download of Code Without Integrity Check

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.6)
  • Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C

CVE-2018-1257  

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2020-5421  

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N


CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A


CVE-2018-11039  

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P


CVE-2025-22233 (OSSINDEX)  

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.

Affected Spring Products and Versions

Spring Framework:
  *  6.2.0 - 6.2.6
  *  6.1.0 - 6.1.19
  *  6.0.0 - 6.0.27
  *  5.3.0 - 5.3.42
  *  Older, unsupported versions are also affected



Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)   Fix Version   Availability
6.2.x                 6.2.7         OSS
6.1.x                 6.1.20        OSS
6.0.x                 6.0.28        Commercial https://enterprise.spring.io/
5.3.x                 5.3.43        Commercial https://enterprise.spring.io/

No further mitigation steps are necessary.


Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.

For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.

Credit

This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-22233 for details
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: LOW (2.299999952316284)
  • Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-context:5.0.5.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: spring-core-5.0.5.RELEASE.jar

Description:

Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-core-5.0.5.RELEASE.jar
MD5: 988f815ea07b27f70cc2932c4b8c8392
SHA1: 1bd9feb1d9dac6accd27f5244b6c47cfcb55045c
SHA256: 49fd3a5ae95ad46cd3b43302150246fdb4abeb1f99fad0ea8c843ec79092ba69

Identifiers

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P


CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P


CVE-2024-22259  

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A


CVE-2018-11040  

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2018-15756  

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2020-5398  

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-494 Download of Code Without Integrity Check

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.6)
  • Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C


CVE-2018-1257  

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2020-5421  

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N


CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A


CVE-2018-11039  

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P


spring-music-sqldb-1.0.jar: spring-data-commons-2.0.6.RELEASE.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-data-commons-2.0.6.RELEASE.jar
MD5: 13ff69d6655acfbd8dce2885c5ff3b4d
SHA1: 4d65fdcbe258961e866f4f85c87c13193bbfd18c
SHA256: 8747a7a6d3cc7bd19f0992ccd4f56b40a9562ad0b3ad76d856c2e8a66134bf73

Identifiers

CVE-2018-1259  

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict external reference expansion. An unauthenticated remote malicious user can supply specially crafted request parameters against Spring Data's projection-based request payload binding to access arbitrary files on the system.
CWE-611 Improper Restriction of XML External Entity Reference

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N


spring-music-sqldb-1.0.jar: spring-data-jpa-2.0.6.RELEASE.jar

Description:

Spring Data module for JPA repositories.

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-data-jpa-2.0.6.RELEASE.jar
MD5: 47aae6a594965bf41a1120b75a690a13
SHA1: 02c683dfbd06551bfd6cc7e05f9d13f5c54c79ba
SHA256: e5b2b64c68ab1b2d04727ff49fc7d35921c06d1be7accfae6abc80cbb86cb1f7

Identifiers

CVE-2019-3797 (OSSINDEX)  

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more results than anticipated when a maliciously crafted query parameter value is supplied. Also, LIKE expressions in manually defined queries could return unexpected results if the parameter values bound did not have escaped reserved characters properly.
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.data:spring-data-jpa:2.0.6.RELEASE:*:*:*:*:*:*:*

CVE-2019-3802 (OSSINDEX)  

This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied.
CWE-155 Improper Neutralization of Wildcards or Matching Symbols

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework.data:spring-data-jpa:2.0.6.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: spring-data-keyvalue-2.0.6.RELEASE.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-data-keyvalue-2.0.6.RELEASE.jar
MD5: 67b923530200be45290959020039e2f6
SHA1: 196bdab74df54f58eb8af77127235fe360c79f50
SHA256: 807b74576b9b2aa23c14a77c7a9763b84671b9a933600fa7f7544366c1f036c6

Identifiers

spring-music-sqldb-1.0.jar: spring-data-mongodb-2.0.6.RELEASE.jar

Description:

MongoDB support for Spring Data

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-data-mongodb-2.0.6.RELEASE.jar
MD5: 74ec3fbe42441e68b2c467f98414888b
SHA1: ee9fedc59c82ae75021ac1277f73ec87146670fd
SHA256: 1583dc32c5e39b78f3c0b452349830791be0740cf9b4fb291d65cf94ecadb265

Identifiers

CVE-2022-22980  

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.
CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P


spring-music-sqldb-1.0.jar: spring-data-redis-2.0.6.RELEASE.jar

File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-data-redis-2.0.6.RELEASE.jar
MD5: b8e45b2e68ce0102fe7598df1c127e66
SHA1: bbe9a86b233e3bee31b396231a46a36905da9fb9
SHA256: 021ce83a42ae11aa7143a1c6b8449a1de18de8f29dfbd9706475ec100b700cfc

Identifiers

spring-music-sqldb-1.0.jar: spring-expression-5.0.5.RELEASE.jar

Description:

Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-expression-5.0.5.RELEASE.jar
MD5: 9677c528a2215d259d6ff0d820d1b415
SHA1: fc6c7a95aeb7d00f4c65c338b08d97767eb0dd99
SHA256: 0b935cc876323f04c9ad0015d7cb304f15fd62486d28e73e4f98ed1ed2dff828

Identifiers

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P


CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P


CVE-2024-22259  

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A


CVE-2018-11040  

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2018-15756  

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2020-5398  

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-494 Download of Code Without Integrity Check

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.6)
  • Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C


CVE-2018-1257  

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2020-5421  

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N


CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P


CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A


CVE-2023-20863 (OSSINDEX)  

In Spring Framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-expression:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2018-11039  

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


CVE-2024-38808 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.

Specifically, an application is vulnerable when the following is true:

  *  The application evaluates user-supplied SpEL expressions.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-38808 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-expression:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P


spring-music-sqldb-1.0.jar: spring-web-5.0.5.RELEASE.jar

Description:

Spring Web

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-web-5.0.5.RELEASE.jar
MD5: de6aff2fbceef7fdcafe9e1cc1245c0a
SHA1: d51dbb5cabe72ae02e400577bac48f7fc94088de
SHA256: 810373a45d353a52978b132fa0da4f954b6d05d78a4b7e4de25c9d2bcf64840b

Identifiers

CVE-2016-1000027  

Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or may not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data.
CWE-502 Deserialization of Untrusted Data

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2024-38809 (OSSINDEX)  

Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack.

Users of affected versions should upgrade to the corresponding fixed version.

Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: HIGH (8.699999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2024-22243 (OSSINDEX)  

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2024-22243 for details
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2024-22262 (OSSINDEX)  

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.100000381469727)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2024-22259  

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A

CVE-2021-22118 (OSSINDEX)  

In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a privilege escalation: by (re)creating the temporary storage directory, a locally authenticated malicious user can read or modify files that have been uploaded to the WebFlux application, or overwrite arbitrary files with multipart request data.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-22118 for details
CWE-269 Improper Privilege Management

CVSSv3:
  • Base Score: HIGH (7.800000190734863)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2018-11040  

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot. However, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2018-15756  

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2020-5398  

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-494 Download of Code Without Integrity Check

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.6)
  • Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C

CVE-2025-41234 (OSSINDEX)  

Description

In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input.

Specifically, an application is vulnerable when all the following are true:

  *  The header is prepared with org.springframework.http.ContentDisposition.
  *  The filename is set via ContentDisposition.Builder#filename(String, Charset).
  *  The value for the filename is derived from user-supplied input.
  *  The application does not sanitize the user-supplied input.
  *  The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).

An application is not vulnerable if any of the following is true:

  *  The application does not set a “Content-Disposition” response header.
  *  The header is not prepared with org.springframework.http.ContentDisposition.
  *  The filename is set via one of:
       *  ContentDisposition.Builder#filename(String), or
       *  ContentDisposition.Builder#filename(String, ASCII)
  *  The filename is not derived from user-supplied input.
  *  The filename is derived from user-supplied input but sanitized by the application.
  *  The attacker cannot inject malicious content in the downloaded content of the response.

Affected Spring Products and Versions

Spring Framework:

  *  6.2.0 - 6.2.7
  *  6.1.0 - 6.1.20
  *  6.0.5 - 6.0.28
  *  Older, unsupported versions are not affected

Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

  *  Affected version(s) 6.2.x: fix version 6.2.8, availability OSS
  *  Affected version(s) 6.1.x: fix version 6.1.21, availability OSS
  *  Affected version(s) 6.0.x: fix version 6.0.29, availability Commercial (https://enterprise.spring.io/)

No further mitigation steps are necessary.

CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-41234 for details
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CVSSv2:
  • Base Score: HIGH (7.400000095367432)
  • Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2024-38828 (OSSINDEX)  

Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CWE-400 Uncontrolled Resource Consumption

CVSSv2:
  • Base Score: MEDIUM (6.900000095367432)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2018-1257  

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVE-2020-5421  

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N

CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2018-11039  

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVE-2021-22096 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
CWE-117 Improper Output Neutralization for Logs

CVSSv3:
  • Base Score: MEDIUM (4.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-web:5.0.5.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: spring-webmvc-5.0.5.RELEASE.jar

Description:

Spring Web MVC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/spring-webmvc-5.0.5.RELEASE.jar
MD5: 34339930599a55ee87ac9bfd08d1aca3
SHA1: 0a7fd53c7ad06b0fa7dd4ff347de1b2dc508739e
SHA256: 9898bb0d8f3109434afc0e92754cc867ac6963227e9ca0100b7e4f2bf11a5658

Identifiers

CVE-2022-22965  

CISA Known Exploited Vulnerability:
  • Product: VMware Spring Framework
  • Name: Spring Framework JDK 9+ Remote Code Execution Vulnerability
  • Date Added: 2022-04-04
  • Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-04-25
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2018-1258  

Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
CWE-863 Incorrect Authorization

CVSSv3:
  • Base Score: HIGH (8.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (6.5)
  • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVE-2024-22259  

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:2.8/RC:R/MAV:A

CVE-2018-11040  

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Neither is enabled by default in Spring Framework or Spring Boot. However, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests.
CWE-829 Inclusion of Functionality from Untrusted Control Sphere

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2018-15756  

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVE-2020-5398  

In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-494 Download of Code Without Integrity Check

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.6)
  • Vector: /AV:N/AC:H/Au:N/C:C/I:C/A:C

CVE-2018-1257  

Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression denial of service attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVE-2020-5421  

In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N/E:1.3/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.6)
  • Vector: /AV:N/AC:H/Au:S/C:P/I:P/A:N

CVE-2022-22950  

In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.0)
  • Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVE-2023-20861  

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.
CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (6.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A

CVE-2018-11039  

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
NVD-CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (5.9)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVE-2020-5397 (OSSINDEX)  

Spring Framework, versions 5.2.x prior to 5.2.3, are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However, a notable exception to this is Chrome-based browsers when using client certificates for authentication, since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2020-5397 for details
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv3:
  • Base Score: MEDIUM (5.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:5.0.5.RELEASE:*:*:*:*:*:*:*

CVE-2022-22968  

In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path.
CWE-178 Improper Handling of Case Sensitivity

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVE-2022-22970  

In Spring Framework versions prior to 5.3.20+, 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to a DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv3:
  • Base Score: MEDIUM (5.3)
  • Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.6/RC:R/MAV:A
CVSSv2:
  • Base Score: LOW (3.5)
  • Vector: /AV:N/AC:M/Au:S/C:N/I:N/A:P

CVE-2021-22060 (OSSINDEX)  

In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
CWE-noinfo

CVSSv3:
  • Base Score: MEDIUM (4.300000190734863)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.springframework:spring-webmvc:5.0.5.RELEASE:*:*:*:*:*:*:*

spring-music-sqldb-1.0.jar: tomcat-embed-core-8.5.29.jar

Description:

Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/tomcat-embed-core-8.5.29.jar
MD5: 73033b27fd1ce1875d83da62a9fdd7cc
SHA1: 51eac5adde4bc019261b787cb99e5548206908e6
SHA256: 5e821019abc6b19890753c8f6b076893434b264716b7ead980a598fcdfbaafb2

Identifiers

CVE-2018-8014  

The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
CWE-1188 Insecure Default Initialization of Resource

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2020-1938  

CISA Known Exploited Vulnerability:
  • Product: Apache Tomcat
  • Name: Apache Tomcat Improper Privilege Management Vulnerability
  • Date Added: 2022-03-03
  • Description: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2022-03-17
  • Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1938

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:

  • returning arbitrary files from anywhere in the web application
  • processing any file in the web application as a JSP

Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
NVD-CWE-Other

CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P


CVE-2025-48988 (OSSINDEX)  

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.

Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.

Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2025-48988 for details
CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:
  • Base Score: HIGH (8.699999809265137)
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N


Vulnerable Software & Versions (OSSINDEX):

  • cpe:2.3:a:org.apache.tomcat.embed:tomcat-embed-core:8.5.29:*:*:*:*:*:*:*

CVE-2022-25762  

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently, which could result in data being returned to the wrong user and/or other errors.
CWE-404 Improper Resource Shutdown or Release

CVSSv3:
  • Base Score: HIGH (8.6)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P


CVE-2019-0232  

When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv3:
  • Base Score: HIGH (8.1)
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
CVSSv2:
  • Base Score: HIGH (9.3)
  • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C


CVE-2018-1336  

Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2018-8034  

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
CWE-295 Improper Certificate Validation

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N


CVE-2019-0199  

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
CWE-400 Uncontrolled Resource Consumption

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


CVE-2019-10072  

The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0), clients were able to cause server-side threads to block, eventually leading to thread exhaustion and a DoS.
CWE-667 Improper Locking

CVSSv3:
  • Base Score: HIGH (7.5)
  • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


    CVE-2019-17563  

    When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
    CWE-384 Session Fixation

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.1)
    • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P


    CVE-2020-11996  

    A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


    CVE-2020-13934  

    An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
    CWE-401 Missing Release of Memory after Effective Lifetime, CWE-476 NULL Pointer Dereference

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


    CVE-2020-13935  

    The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P


    CVE-2020-17527  

    While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N


    CVE-2021-25122  

    When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N


    CVE-2021-41079  

    Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
    CWE-20 Improper Input Validation, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P


    CVE-2022-42252  

    If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A


    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


    CVE-2023-46589  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
    
    Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A


    CVE-2024-24549  

    Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
    
    Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
    CWE-20 Improper Input Validation, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A


    CVE-2019-12418  

    When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.0)
    • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.4)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P


    CVE-2020-9484  

    When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
    CWE-502 Deserialization of Untrusted Data

    CVSSv3:
    • Base Score: HIGH (7.0)
    • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.4)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P


    CVE-2021-25329  

    The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0 to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.0)
    • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.4)
    • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P


    CVE-2021-30640  

    A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
    CWE-116 Improper Encoding or Escaping of Output

    CVSSv3:
    • Base Score: MEDIUM (6.5)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.8)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N


    CVE-2024-23672  

    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
    
    Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
    CWE-459 Incomplete Cleanup

    CVSSv3:
    • Base Score: MEDIUM (6.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:2.8/RC:R/MAV:A


    CVE-2019-0221  

    The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


    CVE-2023-41080  

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
    
    The vulnerability is limited to the ROOT (default) web application.
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A


    CVE-2018-8037  

    If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
    CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


    CVE-2019-2684  

    Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


    CVE-2021-24122  

    When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
    CWE-706 Use of Incorrectly-Resolved Name or Reference, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv3:
    • Base Score: MEDIUM (5.9)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N


    CVE-2021-33037  

    Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically:
    - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
    - Tomcat honoured the identity encoding; and
    - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N


    CVE-2023-42795  

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
    
    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
    CWE-459 Incomplete Cleanup

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A


    CVE-2023-45648  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.
    
    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
    CWE-20 Improper Input Validation, NVD-CWE-Other

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A


    CVE-2024-21733  

    Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.
    
    Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
    CWE-209 Generation of Error Message Containing Sensitive Information

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A


    CVE-2020-1935  

    In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: MEDIUM (4.8)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.8)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N


    CVE-2018-11784  

    When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N


    CVE-2020-13943  

    If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
    NVD-CWE-noinfo

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (4.0)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N


    CVE-2023-28708  

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
    CWE-523 Unprotected Transport of Credentials

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A


    CVE-2021-43980  

    The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
    CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    CVSSv3:
    • Base Score: LOW (3.7)
    • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A


    spring-music-sqldb-1.0.jar: tomcat-embed-el-8.5.29.jar

    Description:

    Core Tomcat implementation

    License:

    Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/tomcat-embed-el-8.5.29.jar
    MD5: 90ad99f3af6b4486e146395dece7171b
    SHA1: 893fb2c87ec1aa248a7911d76c0c06b3fca6bc9b
    SHA256: fbcc56e655f22f3c375b0719e08a34cad4289b6b4f79d97da3cb3029ca9f9511

    Identifiers

    spring-music-sqldb-1.0.jar: tomcat-embed-websocket-8.5.29.jar

    Description:

    Core Tomcat implementation

    License:

    Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/tomcat-embed-websocket-8.5.29.jar
    MD5: 71d21947758dd569b676b6880540a33b
    SHA1: 37786f4ca8a1597a91a0f437e659a76d1fcc5bf1
    SHA256: 64b542d14547f8919715e66896af659fdd4b64842f3c566be234fc9170023528

    Identifiers

    CVE-2018-8014  

    The default settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.
    CWE-1188 Insecure Default Initialization of Resource

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P


    CVE-2020-1938  

    CISA Known Exploited Vulnerability:
    • Product: Apache Tomcat
    • Name: Apache Tomcat Improper Privilege Management Vulnerability
    • Date Added: 2022-03-03
    • Description: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.
    • Required Action: Apply updates per vendor instructions.
    • Due Date: 2022-03-17
    • Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1938

    When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed:
    - returning arbitrary files from anywhere in the web application
    - processing any file in the web application as a JSP
    Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
    NVD-CWE-Other

    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    CVE-2022-25762  

    If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong user and/or other errors.
    CWE-404 Improper Resource Shutdown or Release

    CVSSv3:
    • Base Score: HIGH (8.6)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    CVE-2019-0232  

    When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disabled by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
    CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

    CVSSv3:
    • Base Score: HIGH (8.1)
    • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (9.3)
    • Vector: /AV:N/AC:M/Au:N/C:C/I:C/A:C

    CVE-2020-8022  

    An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
    CWE-276 Incorrect Default Permissions

    CVSSv3:
    • Base Score: HIGH (7.8)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A
    CVSSv2:
    • Base Score: HIGH (7.2)
    • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C

    CVE-2018-1336  

    An improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.
    CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    CVE-2018-8034  

    The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.
    CWE-295 Improper Certificate Validation

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

    CVE-2019-0199  

    The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessive numbers of SETTINGS frames and also permitted clients to keep streams open without reading/writing request/response data. By keeping streams open for requests that utilised the Servlet API's blocking I/O, clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
    CWE-400 Uncontrolled Resource Consumption

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

    CVE-2019-10072  

    The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause server-side threads to block eventually leading to thread exhaustion and a DoS.
    CWE-667 Improper Locking

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      CVE-2019-17563  

      When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
      CWE-384 Session Fixation

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:1.6/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.1)
      • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P

      CVE-2020-11996  

      A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      CVE-2020-13934  

      An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service.
      CWE-401 Missing Release of Memory after Effective Lifetime, CWE-476 NULL Pointer Dereference

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      CVE-2020-13935  

      The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service.
      CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

      CVE-2020-17527  

      While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.
      CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      CVE-2021-25122  

      When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.
      CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

      CVE-2021-41079  

      Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service.
      CWE-20 Improper Input Validation, CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

      CVE-2022-42252  

      If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

      CVE-2023-44487  

      CISA Known Exploited Vulnerability:
      • Product: IETF HTTP/2
      • Name: HTTP/2 Rapid Reset Attack Vulnerability
      • Date Added: 2023-10-10
      • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
      • Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
      • Due Date: 2023-10-31
      • Notes: This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

      The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
      CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      CVE-2023-46589  

      Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

      Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

      CVE-2024-24549  

      Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
      
      Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
      CWE-20 Improper Input Validation, NVD-CWE-noinfo

      CVSSv3:
      • Base Score: HIGH (7.5)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

      CVE-2019-12418  

      When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 and 7.0.97 is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: HIGH (7.0)
      • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.4)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

      CVE-2020-9484  

      When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
      CWE-502 Deserialization of Untrusted Data

      CVSSv3:
      • Base Score: HIGH (7.0)
      • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.4)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

      CVE-2021-25329  

      The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: HIGH (7.0)
      • Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.0/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.4)
      • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

      CVE-2021-30640  

      A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
      CWE-116 Improper Encoding or Escaping of Output

      CVSSv3:
      • Base Score: MEDIUM (6.5)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

      CVE-2024-23672  

      Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98.
      
      Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.
      CWE-459 Incomplete Cleanup

      CVSSv3:
      • Base Score: MEDIUM (6.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:2.8/RC:R/MAV:A

      CVE-2019-0221  

      The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.
      CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      CVE-2023-41080  

      URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
      
      The vulnerability is limited to the ROOT (default) web application.
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

      CVSSv3:
      • Base Score: MEDIUM (6.1)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

      CVE-2018-8037  

      If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
      CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

      CVE-2019-2684  

      Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 7u211, 8u202, 11.0.2 and 12; Java SE Embedded: 8u201. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      CVE-2021-24122  

      When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath() which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
      CWE-706 Use of Incorrectly-Resolved Name or Reference, CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

      CVSSv3:
      • Base Score: MEDIUM (5.9)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

      CVE-2021-33037  

      Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility of request smuggling when used with a reverse proxy. Specifically:
      - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response;
      - Tomcat honoured the identity encoding; and
      - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.0)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

      CVE-2023-42795  

      Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.

      Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
      CWE-459 Incomplete Cleanup

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

      CVE-2023-45648  

      Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

      Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
      CWE-20 Improper Input Validation, NVD-CWE-Other

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

      CVE-2024-21733  

      Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43.
      
      Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.
      CWE-209 Generation of Error Message Containing Sensitive Information

      CVSSv3:
      • Base Score: MEDIUM (5.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

      CVE-2020-1935  

      In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
      CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

      CVSSv3:
      • Base Score: MEDIUM (4.8)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:2.2/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (5.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

      CVE-2018-11784  

      When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attacker's choice.
      CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

      CVSSv3:
      • Base Score: MEDIUM (4.3)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.3)
      • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

      CVE-2020-13943  

      If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
      NVD-CWE-noinfo

      CVSSv3:
      • Base Score: MEDIUM (4.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A
      CVSSv2:
      • Base Score: MEDIUM (4.0)
      • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

      CVE-2023-28708  

      When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
      CWE-523 Unprotected Transport of Credentials

      CVSSv3:
      • Base Score: MEDIUM (4.3)
      • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

      CVE-2021-43980  

      The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long-standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
      CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

      CVSSv3:
      • Base Score: LOW (3.7)
      • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:2.2/RC:R/MAV:A

      spring-music-sqldb-1.0.jar: validation-api-2.0.1.Final.jar

      Description:

      Bean Validation API

      License:

      Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
      File Path: /github/workspace/build/libs/spring-music-sqldb-1.0.jar/BOOT-INF/lib/validation-api-2.0.1.Final.jar
      MD5: 5d02c034034a7a16725ceff787e191d6
      SHA1: cb855558e6271b1b32e716d24cb85c7f583ce09e
      SHA256: 9873b46df1833c9ee8f5bc1ff6853375115dadd8897bcb5a0dffb5848835ee6c

      Identifiers

      status.js

      File Path: /github/workspace/build/resources/main/static/js/status.js
      MD5: 17aeb2e23abc1780d646852db444ad85
      SHA1: 9f5f323d09a60d84488bd1416bba51f8898df834
      SHA256: 52f6b0bd287c53317bcd4b5315c8d506c37617b5db27c7fdc124c1b24fc1adf1

      Identifiers

      • None


      This report contains data retrieved from the National Vulnerability Database.
      This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
      This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
      This report may contain data retrieved from RetireJS.
      This report may contain data retrieved from the Sonatype OSS Index.